Bug 350915 (CVE-2010-4540) - <media-gfx/gimp-2.6.11-r1: Multiple buffer overflows (CVE-2010-{4540,4541,4542,4543})
Summary: <media-gfx/gimp-2.6.11-r1: Multiple buffer overflows (CVE-2010-{4540,4541,454...
Status: RESOLVED FIXED
Alias: CVE-2010-4540
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks: 355751
Reported: 2011-01-07 00:35 UTC by Tim Sammut (RETIRED)
Modified: 2012-09-28 11:43 UTC

See Also:
Package list:
Runtime testing required: ---


Description Tim Sammut (RETIRED) gentoo-dev 2011-01-07 00:35:47 UTC
From $URL, four CVEs assigned for four buffer overflows in gimp.

> This one is from the debian bug tracker [1], there are four buffer
> overflows in gimp plugins.
> 
> I am not sure if this would need one CVE or four?
> 
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497
> 
> 

I'm going to give this four. We *might* be able to get away with two, but
since they're all in quite different bits of code, I'm betting the affected
versions are different, and it's likely upstream is going to fix these all
at different times in their SCM.

CVE-2010-4540 gimp LIGHTING EFFECTS > LIGHT plugin stack buffer overflow
CVE-2010-4541 gimp SPHERE DESIGNER plugin stack buffer overflow
CVE-2010-4542 gimp GFIG plugin stack buffer overflow
CVE-2010-4543 gimp heap overflow read_channel_data() in file-psp.c
Comment 1 Hanno Böck gentoo-dev 2011-01-07 11:28:43 UTC
Did you see any patches for them? Else we'll probably just wait for either debian or upstream to provide some patches.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-01-07 16:11:15 UTC
(In reply to comment #1)
> Did you see any patches for them? Else we'll probably just wait for either
> debian or upstream to provide some patches.
> 

No, no patches that I can find. I'll keep my eye open for updates as well. Thanks.
Comment 3 Hanno Böck gentoo-dev 2011-02-16 11:13:48 UTC
Bumped with upstream patches. I'd like to wait some days before stabilizing; it shouldn't matter, the issues are pretty minor anyway.
Comment 4 Pacho Ramos gentoo-dev 2011-02-22 17:28:33 UTC
This is also needed to fix printing with cairo-1.10, so I think arches should be CCed as soon as possible. Thanks.
Comment 5 Hanno Böck gentoo-dev 2011-02-22 18:33:12 UTC
Archs, please go ahead stabilizing
media-gfx/gimp-2.6.11-r1
Comment 6 Alex Buell 2011-02-23 00:05:53 UTC
Tested OK on SPARC and x86. Stabilisation would be nice.
Comment 7 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-02-23 07:01:32 UTC
ppc/ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2011-02-24 11:39:11 UTC
amd64 ok
Comment 9 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-24 14:59:08 UTC
x86 stable, thanks Alex
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2011-02-25 16:24:16 UTC
Stable for HPPA.
Comment 11 Markos Chandras (RETIRED) gentoo-dev 2011-02-26 09:31:02 UTC
amd64 done. Thanks Agostino
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2011-02-26 17:31:16 UTC
alpha/ia64/sparc stable
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2011-02-26 19:45:37 UTC
Thanks, folks. Added to existing GLSA request.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-06-14 16:32:06 UTC
CVE-2010-4543 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4543):
  Heap-based buffer overflow in the read_channel_data function in file-psp.c
  in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to
  cause a denial of service (application crash) or possibly execute arbitrary
  code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long
  run count at the end of the image.  NOTE: some of these details are obtained
  from third party information.

CVE-2010-4542 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4542):
  Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in
  plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows
  user-assisted remote attackers to cause a denial of service (application
  crash) or possibly execute arbitrary code via a long Foreground field in a
  plugin configuration file.  NOTE: it may be uncommon to obtain a GIMP plugin
  configuration file from an untrusted source that is separate from the
  distribution of the plugin itself. NOTE: some of these details are obtained
  from third party information.

CVE-2010-4541 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4541):
  Stack-based buffer overflow in the loadit function in
  plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP
  2.6.11 allows user-assisted remote attackers to cause a denial of service
  (application crash) or possibly execute arbitrary code via a long "Number of
  lights" field in a plugin configuration file.  NOTE: it may be uncommon to
  obtain a GIMP plugin configuration file from an untrusted source that is
  separate from the distribution of the plugin itself.

CVE-2010-4540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4540):
  Stack-based buffer overflow in the load_preset_response function in
  plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in
  GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of
  service (application crash) or possibly execute arbitrary code via a long
  Position field in a plugin configuration file.  NOTE: it may be uncommon to
  obtain a GIMP plugin configuration file from an untrusted source that is
  separate from the distribution of the plugin itself.  NOTE: some of these
  details are obtained from third party information.
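The NVD entries above describe two shapes of the same defect: a decoder that trusts an RLE run count against a fixed-size output (CVE-2010-4543) and parsers that copy an unbounded text field into a fixed stack buffer (CVE-2010-4540/4541/4542). The following is an added illustration written for this bug page, not code from GIMP or from the upstream patches; the RLE encoding, the `MAX_LIGHTS` limit and all function names are assumptions chosen for the example. It shows the remaining-space check that makes a run count at the end of the image an error instead of an overrun, and a field parser that never copies the field at all.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed toy RLE scheme (not the PSP format): control byte c < 128 means
 * "copy the next c+1 literal bytes"; c >= 128 means "repeat the next byte
 * (c - 127) times". */
enum { RLE_OK = 0, RLE_ERR_TRUNCATED = -1, RLE_ERR_OVERRUN = -2 };

/* Decode in[0..in_len) into out[0..out_len). Every run is checked against
 * the space left in BOTH buffers before any byte is written, so a long run
 * count placed at the end of the image is rejected rather than written past
 * the end of the pixel buffer. */
int rle_decode(const uint8_t *in, size_t in_len,
               uint8_t *out, size_t out_len, size_t *produced)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t c = in[ip++];
        if (c < 128) {
            size_t n = (size_t)c + 1;
            if (n > in_len - ip) return RLE_ERR_TRUNCATED; /* literals missing */
            if (n > out_len - op) return RLE_ERR_OVERRUN;  /* would exceed image */
            memcpy(out + op, in + ip, n);
            ip += n;
            op += n;
        } else {
            size_t n = (size_t)c - 127;
            if (ip >= in_len) return RLE_ERR_TRUNCATED;    /* repeat byte missing */
            if (n > out_len - op) return RLE_ERR_OVERRUN;  /* run past end of image */
            memset(out + op, in[ip], n);
            ip++;
            op += n;
        }
    }
    *produced = op;
    return RLE_OK;
}

/* Assumed upper bound for a "Number of lights" style field. Parsing the
 * number in place (no strcpy/sscanf("%s") into a stack array) means the
 * length of the field text can never matter. */
#define MAX_LIGHTS 64

int parse_count_field(const char *line, const char *key, long *value)
{
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0) return -1;
    const char *p = line + klen;
    char *end;
    errno = 0;
    long v = strtol(p, &end, 10);
    if (end == p || errno == ERANGE || v < 0 || v > MAX_LIGHTS) return -1;
    *value = v;
    return 0;
}

/* Constructed inputs for the checks below. */
int demo_valid(void)
{
    const uint8_t in[] = { 0x02, 'a', 'b', 'c', 0x83, 'z' }; /* "abc" + 4 x 'z' */
    uint8_t out[8];
    size_t n = 0;
    int rc = rle_decode(in, sizeof in, out, sizeof out, &n);
    return rc == RLE_OK && n == 7 && memcmp(out, "abczzzz", 7) == 0;
}

int demo_overlong_run(void)
{
    const uint8_t in[] = { 0xFF, 'x' }; /* run of 128 into a 16-byte image */
    uint8_t out[16];
    size_t n = 0;
    return rle_decode(in, sizeof in, out, sizeof out, &n);
}

int demo_truncated(void)
{
    const uint8_t in[] = { 0x05, 'a' }; /* claims 6 literals, supplies 1 */
    uint8_t out[16];
    size_t n = 0;
    return rle_decode(in, sizeof in, out, sizeof out, &n);
}

long demo_parse_ok(void)
{
    long v = -1;
    return parse_count_field("Number of lights: 3", "Number of lights:", &v) == 0 ? v : -1;
}

int demo_parse_overlong(void)
{
    long v = 0;
    /* A 40-digit field: rejected by range, never copied anywhere. */
    return parse_count_field("Number of lights: 9999999999999999999999999999999999999999",
                             "Number of lights:", &v);
}

int main(void)
{
    printf("valid=%d overlong=%d truncated=%d lights=%ld bigfield=%d\n",
           demo_valid(), demo_overlong_run(), demo_truncated(),
           demo_parse_ok(), demo_parse_overlong());
    return 0;
}
```

The order of the checks matters: the output-space test runs before `memcpy`/`memset`, and the subtraction `out_len - op` cannot underflow because `op` never exceeds `out_len`. For the text fields, the robust fix is to avoid a fixed-size copy entirely; where a copy is unavoidable, a width-limited read (`%63s` or `snprintf`) with an explicit length check is the equivalent guard.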
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2012-09-28 11:43:17 UTC
This issue was resolved and addressed in
 GLSA 201209-23 at http://security.gentoo.org/glsa/glsa-201209-23.xml
by GLSA coordinator Sean Amoss (ackle).