Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

The remote host is affected by the vulnerability described in GLSA-201603-01 (GIMP: Multiple vulnerabilities)

    GIMP&rsquo;s network server, scriptfu, is vulnerable to the remote execution       of arbitrary code via the python-fu-eval command due to not requiring       authentication.  Additionally, the X Window Dump (XWD) plugin is       vulnerable to multiple buffer overflows possibly allowing the remote       execution of arbitrary code or Denial of Service.  The XWD plugin is       vulnerable due to not validating large color entries.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process due or perform a Denial of Service.
  Workaround :

    There is no known work around at this time.

This update fixes the following security issues with gimp :

  - XWD plugin g_new() integer overflow. (CVE-2013-1913).
    (bnc#853423)

  - XWD plugin color map heap-based buffer overflow.
    (CVE-2013-1978). (bnc#853425)

  - memory corruption via XWD files (CVE-2012-5576).
    (bnc#791372)

Updated gimp package fixes security vulnerabilities :

An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System (XWD) image dump files.
A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2013-1913, CVE-2013-1978).

This update fixes buffer overflows in the XWD loader.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Overview of Changes from GIMP 2.8.8 to GIMP 2.8.10 ==================================================

GUI :

  - Indicate if a file was exported in the Quit dialog

    - Add shortcuts and hint labels to the close and quit       dialogs that make closing and quitting easier and more       consistent

  - Rename the File->Export menu labels to match Save/Save     as

    - Fix keyboard shortcuts on OSX Mavericks

    - Don't open lots of progress popups when opening many       files

    - Correctly restore the hidden state of docks in single       window mode

Libgimp :

  - Fix exporting an image consisting of a single layer     group

    - Don't attempt to pick transparent colors

Plug-ins :

  - Fix crash in LCMS plugin if RGB profile was missing

General :

  - Bug fixes

    - Translation updates Overview of Changes from GIMP       2.8.8 to GIMP 2.8.10       ==================================================

GUI :

  - Indicate if a file was exported in the Quit dialog

    - Add shortcuts and hint labels to the close and quit       dialogs that make closing and quitting easier and more       consistent

  - Rename the File->Export menu labels to match Save/Save     as

    - Fix keyboard shortcuts on OSX Mavericks

    - Don't open lots of progress popups when opening many       files

    - Correctly restore the hidden state of docks in single       window mode

Libgimp :

  - Fix exporting an image consisting of a single layer     group

    - Don't attempt to pick transparent colors

Plug-ins :

  - Fix crash in LCMS plugin if RGB profile was missing

General :

  - Bug fixes

    - Translation updates

Additionally, this update fixes buffer overflows in the XWD loader.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Murray McAllister discovered that GIMP incorrectly handled malformed XWD files. If a user were tricked into opening a specially crafted XWD file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System (XWD) image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-5576, CVE-2013-1913, CVE-2013-1978)

The GIMP must be restarted for the update to take effect.

Murray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code.

Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System (XWD) image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-5576, CVE-2013-1913, CVE-2013-1978)

The CVE-2013-1913 and CVE-2013-1978 issues were discovered by Murray McAllister of the Red Hat Security Response Team.

Users of the GIMP are advised to upgrade to these updated packages, which correct these issues. The GIMP must be restarted for the update to take effect.

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1778 advisory.

    - fix overflow in XWD loader (CVE-2013-1913, CVE-2013-1978)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
89712	GLSA-201603-01 : GIMP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
72422	SuSE 11.3 Security Update : gimp (SAT Patch Number 8856)	Nessus	SuSE Local Security Checks	high
71512	Mandriva Linux Security Advisory : gimp (MDVSA-2013:293)	Nessus	Mandriva Local Security Checks	medium
71476	Fedora 19 : gimp-2.8.10-4.fc19 (2013-22776)	Nessus	Fedora Local Security Checks	medium
71475	Fedora 18 : gimp-2.8.10-4.fc18 (2013-22771)	Nessus	Fedora Local Security Checks	medium
71419	Fedora 20 : gimp-2.8.10-4.fc20 (2013-22701)	Nessus	Fedora Local Security Checks	medium
71309	Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : gimp vulnerability (USN-2051-1)	Nessus	Ubuntu Local Security Checks	medium
71303	Scientific Linux Security Update : gimp on SL5.x, SL6.x i386/x86_64 (20131203)	Nessus	Scientific Linux Local Security Checks	high
71276	Debian DSA-2813-1 : gimp - several vulnerabilities	Nessus	Debian Local Security Checks	medium
71189	RHEL 5 / 6 : gimp (RHSA-2013:1778)	Nessus	Red Hat Local Security Checks	high
71186	Oracle Linux 5 / 6 : gimp (ELSA-2013-1778)	Nessus	Oracle Linux Local Security Checks	high
71178	CentOS 5 / 6 : gimp (CESA-2013:1778)	Nessus	CentOS Local Security Checks	high

Detections

Analytics

CVE-2013-1978

high

Tenable Plugins

medium

high

medium

medium

medium

medium

medium

high

medium

high

high

high