Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow within the function "seek_to_and_unpack_pixeldata()" in plug-ins/common/psd.c. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file with large width or height values.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 2.2.15. Other versions may also be affected.

Solution: Fixed in the SVN repository.

Provided and/or discovered by: Stefan Cornelius, Secunia Research.

Original Advisory: Secunia Research: http://secunia.com/secunia_research/2007-63/

Reproducible: Always
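The bug class described in the advisory (a buffer size computed from file-supplied width and height wrapping around before allocation), shown as an added example that is neither GIMP's code nor the upstream patch. All function names and the PSD_MAX_DIM constant are hypothetical; the 30000 cap is the per-dimension maximum documented for the PSD format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap; the PSD format documents 30000 pixels per dimension. */
#define PSD_MAX_DIM 30000u

/* Unchecked 32-bit arithmetic: wraps modulo 2^32 for large dimensions,
 * so the buffer allocated from it is far smaller than the data written. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked version: returns 0 and stores the size, or -1 to reject the file. */
int checked_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > PSD_MAX_DIM || height > PSD_MAX_DIM)
        return -1;
    /* Test by division so the check itself cannot overflow. */
    if ((size_t)width > SIZE_MAX / height)
        return -1;
    size_t pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / bpp)
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Allocate only after the header values have been validated. */
unsigned char *alloc_pixels(uint32_t w, uint32_t h, uint32_t bpp, size_t *size)
{
    if (checked_size(w, h, bpp, size) != 0)
        return NULL;
    return malloc(*size);
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values, not taken from any real file. */
    printf("unchecked 65536x65537: %u bytes\n",
           (unsigned)unchecked_size(0x10000u, 0x10001u, 1));
    printf("checked   65536x65537: %s\n",
           checked_size(0x10000u, 0x10001u, 1, &n) ? "rejected" : "accepted");
    return 0;
}
```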
Patch from upstream: http://svn.gnome.org/viewcvs/gimp/branches/gimp-2-2/plug-ins/common/psd.c?r1=22798&r2=19314&view=patch
*** This bug has been marked as a duplicate of bug 182047 ***