The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability CVE-2012-5576

Gimp: buffer overflow via XWD

Synthesis of the vulnerability

An attacker can create a malicious XWD file which overflows a GIMP buffer, in order to execute code.
Impacted products: Debian, Fedora, GIMP, MBS, MES, openSUSE, RHEL.
Severity: 3/4.
Creation date: 22/11/2012.
Identifiers: 687392, BID-56647, CVE-2012-5576, DSA-2813-1, FEDORA-2013-2000, MDVSA-2013:082, MDVSA-2013:294, openSUSE-SU-2012:1623-1, openSUSE-SU-2013:0123-1, RHSA-2013:1778-01, VIGILANCE-VUL-12180.

Description of the vulnerability

The image format XWD is used to store screenshots in an X Window environment.

The functions load_xwd_f2_d24_b32() and load_xwd_f1_d24_b1() in the file plug-ins/common/file-xwd.c in Gimp decode this image format. These functions use local variables to store the maximal size of primary color tables. However, theses values directly come from the XWD file, without sanity checks, which leads to a stack buffer overflow.

An attacker can therefore create a malicious XWD file which overflows a GIMP buffer, in order to execute code.
Complete Vigil@nce bulletin.... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides network vulnerability alerts. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.