Mandriva Linux Security Advisory : gimp (MDVSA-2013:082)

high Nessus Plugin ID 66096

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated gimp packages fix security vulnerabilities:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3481).

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP (CVE-2012-3403).

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string (CVE-2012-3236).

GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could even lead to arbitrary code execution (CVE-2012-5576).

Additionally, it fixes partial translations in several languages.

This gimp update provides the stable maintenance release 2.8.2, which fixes the above security issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 66096

File Name: mandriva_MDVSA-2013-082.nasl

Version: 1.8

Type: local

Published: 4/20/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gimp, p-cpe:/a:mandriva:linux:gimp-python, p-cpe:/a:mandriva:linux:lib64gimp2.0-devel, p-cpe:/a:mandriva:linux:lib64gimp2.0_0, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/9/2013

Reference Information

CVE: CVE-2012-3236, CVE-2012-3403, CVE-2012-3481, CVE-2012-5576

BID: 54246, 55101, 56647

MDVSA: 2013:082

MGASA: 2012-0236, 2012-0286, 2012-0360