Package name: gimp
Date: 2011-05-29
Advisory ID: MDVSA-2011:103
Affected versions: 2009.0 x86_64, MES5 i586, 2010.1 i586, 2009.0 i586, MES5 x86_64, 2010.1 x86_64

Problem description

Multiple vulnerabilities were discovered and fixed in gimp:

Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in
GIMP 2.6.11 allows user-assisted remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a long Position field in a plugin configuration file. NOTE:
it may be uncommon to obtain a GIMP plugin configuration file from
an untrusted source that is separate from the distribution of the
plugin itself (CVE-2010-4540).

Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP
2.6.11 allows user-assisted remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
long Number of lights field in a plugin configuration file. NOTE:
it may be uncommon to obtain a GIMP plugin configuration file from
an untrusted source that is separate from the distribution of the
plugin itself (CVE-2010-4541).

Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11
allows user-assisted remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a long
Foreground field in a plugin configuration file. NOTE: it may be
uncommon to obtain a GIMP plugin configuration file from an untrusted
source that is separate from the distribution of the plugin itself
(CVE-2010-4542).

Heap-based buffer overflow in the read_channel_data function in
file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows
remote attackers to cause a denial of service (application crash)
or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE
compression) image file that begins a long run count at the end of
the image (CVE-2010-4543, CVE-2011-1782).
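
The PSP RLE issue above comes down to a decoder accepting a run that extends past the end of the channel buffer. The following is an added example, not GIMP's code and not part of the advisory: a bounds-checked decoder for a simplified RLE scheme assumed for illustration, where rle_decode and the RLE_* codes are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { RLE_OK = 0, RLE_TRUNCATED = -1, RLE_OVERRUN = -2 };

/* Decode an RLE stream into a channel buffer of exactly out_len bytes.
 * Assumed encoding (illustrative, not taken from file-psp.c): count byte c;
 * c > 128 repeats the next byte (c - 128) times, else c literal bytes follow. */
int rle_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_len)
{
    size_t ip = 0, op = 0;
    while (op < out_len) {
        if (ip >= in_len)
            return RLE_TRUNCATED;
        size_t run = in[ip++];
        int repeat = run > 128;
        if (repeat)
            run -= 128;

        /* The run must fit in what is left of the output, not merely start
         * inside it; a long run beginning near the end is rejected here. */
        if (run > out_len - op)
            return RLE_OVERRUN;

        if (repeat) {
            if (ip >= in_len)
                return RLE_TRUNCATED;
            memset(out + op, in[ip++], run);
        } else {
            if (run > in_len - ip)      /* literal bytes must exist in the input */
                return RLE_TRUNCATED;
            memcpy(out + op, in + ip, run);
            ip += run;
        }
        op += run;
    }
    return RLE_OK;
}

int main(void)
{
    /* Constructed sample: 6 x 0x41, then a 127-byte run with 2 bytes left. */
    const uint8_t sample[] = { 0x86, 0x41, 0xFF, 0x42 };
    uint8_t channel[8];
    printf("result = %d\n", rle_decode(sample, sizeof sample, channel, sizeof channel));
    return 0;
}
```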

Packages for 2009.0 are provided under the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 ab317b4e3f3be709a2873f84ce30c215  2009.0/x86_64/gimp-2.4.7-1.2mdv2009.0.x86_64.rpm
 8a6bfb9b582f2a0d9cccd5a972b568e4  2009.0/x86_64/gimp-python-2.4.7-1.2mdv2009.0.x86_64.rpm
 941103b8e1655a5a064192bd6e20b6a9  2009.0/x86_64/lib64gimp2.0_0-2.4.7-1.2mdv2009.0.x86_64.rpm
 dd8c18b873a2178540d32285dee26879  2009.0/x86_64/lib64gimp2.0-devel-2.4.7-1.2mdv2009.0.x86_64.rpm 
 20e6ed8705feb5acb1cdaf7831beeeee  2009.0/SRPMS/gimp-2.4.7-1.2mdv2009.0.src.rpm

MES5 i586

 a858be803cf318a4bf65cb3f98537928  mes5/i586/gimp-2.4.7-1.2mdvmes5.2.i586.rpm
 34f3115b398f3e8c0c0ff3570c133db2  mes5/i586/gimp-python-2.4.7-1.2mdvmes5.2.i586.rpm
 9bd4f53d61bc99f82aa0c202832a1e31  mes5/i586/libgimp2.0_0-2.4.7-1.2mdvmes5.2.i586.rpm
 c4a5ff2e425ce131a5366108e5275cf9  mes5/i586/libgimp2.0-devel-2.4.7-1.2mdvmes5.2.i586.rpm 
 4211449a29646f79f66586d858833f1d  mes5/SRPMS/gimp-2.4.7-1.2mdvmes5.2.src.rpm

2010.1 i586

 b4934e6c63a58a89e26ce5a8bd4dd0aa  2010.1/i586/gimp-2.6.8-3.1mdv2010.2.i586.rpm
 cf9cd4f6c93ca1108daaa839441e41a3  2010.1/i586/gimp-python-2.6.8-3.1mdv2010.2.i586.rpm
 c096ed34e2e0272272d01bc01b640bfb  2010.1/i586/libgimp2.0_0-2.6.8-3.1mdv2010.2.i586.rpm
 df803b5a43613d2b67c3cf61bbb1e39c  2010.1/i586/libgimp2.0-devel-2.6.8-3.1mdv2010.2.i586.rpm 
 74c23d2b743d532a989e7dec401e1f66  2010.1/SRPMS/gimp-2.6.8-3.1mdv2010.2.src.rpm

2009.0 i586

 7c02d4aa8eae727861eb0920dd3483b2  2009.0/i586/gimp-2.4.7-1.2mdv2009.0.i586.rpm
 45c06cdb705f4c617b71bec50c455c26  2009.0/i586/gimp-python-2.4.7-1.2mdv2009.0.i586.rpm
 57fb06ee874653cf94881817b6690394  2009.0/i586/libgimp2.0_0-2.4.7-1.2mdv2009.0.i586.rpm
 91a7961f7e95b7597a97a5548814c063  2009.0/i586/libgimp2.0-devel-2.4.7-1.2mdv2009.0.i586.rpm 
 20e6ed8705feb5acb1cdaf7831beeeee  2009.0/SRPMS/gimp-2.4.7-1.2mdv2009.0.src.rpm

MES5 x86_64

 728cc2a6f12144650862438c9675f3e6  mes5/x86_64/gimp-2.4.7-1.2mdvmes5.2.x86_64.rpm
 96586a84019b3da23e0da6b64c8deb7b  mes5/x86_64/gimp-python-2.4.7-1.2mdvmes5.2.x86_64.rpm
 eed9cf47737fa79778b4907c8d7ee274  mes5/x86_64/lib64gimp2.0_0-2.4.7-1.2mdvmes5.2.x86_64.rpm
 7ae6020f94251df98fe667336677b25e  mes5/x86_64/lib64gimp2.0-devel-2.4.7-1.2mdvmes5.2.x86_64.rpm 
 4211449a29646f79f66586d858833f1d  mes5/SRPMS/gimp-2.4.7-1.2mdvmes5.2.src.rpm

2010.1 x86_64

 e8458c9df877106443fac58d804c9465  2010.1/x86_64/gimp-2.6.8-3.1mdv2010.2.x86_64.rpm
 26edfcc18b11395426f7fcdbf0b08b2f  2010.1/x86_64/gimp-python-2.6.8-3.1mdv2010.2.x86_64.rpm
 874338737686abb415ee3df1efb3a57e  2010.1/x86_64/lib64gimp2.0_0-2.6.8-3.1mdv2010.2.x86_64.rpm
 c11c04938bac89c9735429a4fcbd276e  2010.1/x86_64/lib64gimp2.0-devel-2.6.8-3.1mdv2010.2.x86_64.rpm 
 74c23d2b743d532a989e7dec401e1f66  2010.1/SRPMS/gimp-2.6.8-3.1mdv2010.2.src.rpm
