| Summary: | <media-gfx/gimp-2.2.14 : Heap-buffer overflow by decoding certain PSD headers (CVE-2012-3402) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | hanno, sping |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2012-08-24 11:56:24 UTC
@security, if it is fine for you, go to glsa.

I'll add it to the existing GLSA draft this time, but users applying either of the two previous GIMP GLSAs have already been protected from this issue.

CVE-2012-3402 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3402): Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909.

This issue was resolved and addressed in GLSA 201209-23 at http://security.gentoo.org/glsa/glsa-201209-23.xml by GLSA coordinator Sean Amoss (ackle).