Bug 184141 - media-gfx/gimp PSD Plugin Integer Overflow Vulnerability
Summary: media-gfx/gimp PSD Plugin Integer Overflow Vulnerability
Status: RESOLVED DUPLICATE of bug 182047
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/25677/
Whiteboard: B2 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-07-03 21:46 UTC by Lars Hartmann
Modified: 2007-07-08 00:27 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Lars Hartmann 2007-07-03 21:46:59 UTC
Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow within the function "seek_to_and_unpack_pixeldata()" in plug-ins/common/psd.c. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file with large width or height values.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 2.2.15. Other versions may also be affected.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
Stefan Cornelius, Secunia Research.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2007-63/

Reproducible: Always
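
The bug class described above (a size computed from file-supplied width and height overflowing before allocation), as an added example that is neither GIMP's code nor the upstream patch. The function names, the 32-bit size arithmetic, and the `MAX_DIMENSION` limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical sanity limit for this example; not taken from GIMP or the PSD format. */
#define MAX_DIMENSION 30000u

/* Unchecked size computation in 32-bit arithmetic: the product wraps modulo 2^32
 * for large dimensions, so a buffer allocated with this size is smaller than the
 * pixel data later unpacked into it. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked computation: returns 0 and stores the byte count on success,
 * -1 if a dimension is out of range or the product does not fit in size_t. */
int checked_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > MAX_DIMENSION || height > MAX_DIMENSION)
        return -1;
    /* Divide before multiplying so the test itself cannot overflow. */
    if ((size_t)width > SIZE_MAX / (size_t)height)
        return -1;
    size_t pixels = (size_t)width * (size_t)height;
    if (pixels > SIZE_MAX / (size_t)bpp)
        return -1;
    *out = pixels * (size_t)bpp;
    return 0;
}

/* Allocate a pixel buffer only when the size computation is sound;
 * the caller treats NULL as "reject the file". */
unsigned char *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (checked_size(width, height, bpp, &n) != 0)
        return NULL;
    return malloc(n);
}
```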
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2007-07-04 10:08:35 UTC
Patch from upstream:

http://svn.gnome.org/viewcvs/gimp/branches/gimp-2-2/plug-ins/common/psd.c?r1=22798&r2=19314&view=patch
Comment 2 Hanno Böck gentoo-dev 2007-07-08 00:27:27 UTC

*** This bug has been marked as a duplicate of bug 182047 ***