oss-sec mailing list archives

The Gimp CEL plug-in CVE-2012-3403 issue

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 20 Aug 2012 08:29:49 -0400 (EDT)

Hello vendors,

  see below a report about the GIMP's CEL plug-in CVE-2012-3403 issue:
----------------------------------------------------------------------
Summary: Gimp (CEL plug-in): heap buffer overflow when loading external palette files

CVE: CVE-2012-3403

Description:
A heap-based buffer overflow flaw, leading to invalid free, was found in the
way KiSS CEL file format plug-in of Gimp, the GNU Image Manipulation Program,
performed loading of certain palette files. A remote attacker could provide
a specially-crafted KiSS palette file that, when opened in Gimp would cause
the CEL plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the gimp executable.

CVSSv2: 6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected versions: All up to the latest upstream one

Patch:
------
See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3403
    https://bugzilla.redhat.com/show_bug.cgi?id=839020#c19

for patchset covering upstream v2.2.x, v2.6.x, v2.8.x, and current
master branch versions.

Credit:
1, Issue found by: Murray McAllister,  Red Hat Security Response Team
2, Reproducer by:  Murray McAllister,  Red Hat Security Response Team 

----------------------------------------------------------------------

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

The Gimp CEL plug-in CVE-2012-3403 issue Jan Lieskovsky (Aug 20)