Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x
and earlier allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a crafted KiSS palette file, which
triggers an "invalid free."
Patches are available at $URL. Please prepare an updated ebuild.
Integer overflow in the ReadImage function in
plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP
2.8.x and earlier allows remote attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via crafted height
and len properties in a GIF image file, which triggers a heap-based buffer
overflow. NOTE: some of these details are obtained from third party
Patches for the latter issue are available at
+*gimp-2.6.12-r3 (14 Sep 2012)
+ 14 Sep 2012; Sebastian Pipping <email@example.com> +gimp-2.6.12-r3.ebuild,
+ Add patches for CVE-2012-3481 to 2.6.12 (bug #434580), 2.8.2 is patched by
+ upstream already
- Check patches for CVE-2012-3403
- Stabilize 2.6.12-r3 ebuild
+*gimp-2.6.12-r4 (15 Sep 2012)
+ 15 Sep 2012; Sebastian Pipping <firstname.lastname@example.org> -gimp-2.6.12-r3.ebuild,
+ +gimp-2.6.12-r4.ebuild, +files/gimp-2.6.12-CVE-2012-3403.patch,
+ Apply patch for CVE-2012-3403 and single-file patch for CVE-2012-3481 (both
+ from Fedora, Gentoo bug #434580)
- Stabilize 2.6.12-r4 ebuild
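Review bot: the file list of the gimp-2.6.12-r4 ChangeLog entry ends in a trailing comma after "+files/gimp-2.6.12-CVE-2012-3403.patch," and names no patch file for CVE-2012-3481, although the description says a single-file patch for CVE-2012-3481 is applied as well. List that patch file in the entry (and drop the dangling comma) so the ChangeLog matches what the ebuild actually applies and the fix for each CVE can be traced to a file in files/.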
Sorry, Sebastian, but would you also be willing to patch 2.6.12 to include a fix for bug 428708? We would then be able to handle both bugs with 1 stabilization.
(In reply to comment #6)
> Sorry, Sebastian, but would you also be willing to patch 2.6.12 to include a
> fix for bug 428708? We would then be able to handle both bugs with 1
I missed bug #428708 previously. Thanks for bringing it to my attention. A patch for that one is applied in 2.6.12-r5 now.
It would be great if the last arch to stable 2.6.12-r5 could remove 2.6.12-r2 and 2.6.12-r4 from the tree (or remind me to do it). Thank you!
(In reply to comment #7)
> I missed bug #428708 previously. Thanks for bringing it to my attention. A
> patch for that one is applied in 2.6.12-r5 now.
Great, thank you.
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
amd64: all fine.
Stable for HPPA.
Filing a new GLSA request.
This issue was resolved and addressed in
GLSA 201311-05 at http://security.gentoo.org/glsa/glsa-201311-05.xml
by GLSA coordinator Sean Amoss (ackle).