Gimp: buffer overflow via XWD
Synthesis of the vulnerability
An attacker can create a malicious XWD file which overflows a GIMP buffer, in order to execute code.Impacted products:
Debian, Fedora, GIMP, MBS, MES, openSUSE, RHEL.
687392, BID-56647, CVE-2012-5576, DSA-2813-1, FEDORA-2013-2000, MDVSA-2013:082, MDVSA-2013:294, openSUSE-SU-2012:1623-1, openSUSE-SU-2013:0123-1, RHSA-2013:1778-01, VIGILANCE-VUL-12180.
Description of the vulnerability
The image format XWD is used to store screenshots in an X Window environment.
The functions load_xwd_f2_d24_b32() and load_xwd_f1_d24_b1() in the file plug-ins/common/file-xwd.c in Gimp decode this image format. These functions use local variables to store the maximal size of primary color tables. However, theses values directly come from the XWD file, without sanity checks, which leads to a stack buffer overflow.
An attacker can therefore create a malicious XWD file which overflows a GIMP buffer, in order to execute code.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides network vulnerability alerts
. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.