Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 434580 (CVE-2012-3403) - <media-gfx/gimp-2.6.12-r5: CEL and GIF plug-ins: Heap-based buffer overflows (CVE-2012-{3403,3481})
Summary: <media-gfx/gimp-2.6.12-r5: CEL and GIF plug-ins: Heap-based buffer overflows ...
Status: RESOLVED FIXED
Alias: CVE-2012-3403
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks: CVE-2012-3236
  Show dependency tree
 
Reported: 2012-09-10 12:43 UTC by GLSAMaker/CVETool Bot
Modified: 2013-11-10 15:14 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2012-09-10 12:43:03 UTC
CVE-2012-3403 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3403):
  Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x
  and earlier allows remote attackers to cause a denial of service and
  possibly execute arbitrary code via a crafted KiSS palette file, which
  triggers an "invalid free."
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2012-09-10 12:44:13 UTC
Patches are available at $URL. Please prepare an updated ebuild.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2012-09-10 12:54:19 UTC
CVE-2012-3481 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3481):
  Integer overflow in the ReadImage function in
  plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP
  2.8.x and earlier allows remote attackers to cause a denial of service
  (application crash) and possibly execute arbitrary code via crafted height
  and len properties in a GIF image file, which triggers a heap-based buffer
  overflow.  NOTE: some of these details are obtained from third party
  information.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2012-09-10 12:56:09 UTC
Patches for the latter issue are available at
https://bugzilla.redhat.com/show_bug.cgi?id=847303#c5
Comment 4 Sebastian Pipping gentoo-dev 2012-09-14 22:46:57 UTC
+*gimp-2.6.12-r3 (14 Sep 2012)
+
+  14 Sep 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r3.ebuild,
+  +files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch,
+  +files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch:
+  Add patches for CVE-2012-3481 to 2.6.12 (bug #434580), 2.8.2 is patched by
+  upstream already
+

Up next:
- Check patches for CVE-2012-3403
- Stabilize 2.6.12-r3 ebuild
Comment 5 Sebastian Pipping gentoo-dev 2012-09-15 01:37:42 UTC
+*gimp-2.6.12-r4 (15 Sep 2012)
+
+  15 Sep 2012; Sebastian Pipping <sping@gentoo.org> -gimp-2.6.12-r3.ebuild,
+  +gimp-2.6.12-r4.ebuild, +files/gimp-2.6.12-CVE-2012-3403.patch,
+  +files/gimp-2.6.12-CVE-2012-3481.patch,
+  -files/gimp-2.6.12-fix-type-overflow-CVE-2012-3481.patch,
+  -files/gimp-2.6.12-limit-len-and-height-CVE-2012-3481.patch:
+  Apply patch for CVE-2012-3403 and single-file patch for CVE-2012-3481 (both
+  from Fedora, Gentoo bug #434580)
+

Up next:
- Stabilize 2.6.12-r4 ebuild
Comment 6 Sean Amoss gentoo-dev Security 2012-09-20 13:09:36 UTC
Sorry, Sebastian, but would you also be willing to patch 2.6.12 to include a fix for bug 428708? We would then be able to handle both bugs with 1 stabilization.
Comment 7 Sebastian Pipping gentoo-dev 2012-09-22 21:47:25 UTC
(In reply to comment #6)
> Sorry, Sebastian, but would you also be willing to patch 2.6.12 to include a
> fix for bug 428708? We would then be able to handle both bugs with 1
> stabilization.

I missed bug #428708 previously.  Thanks for bringing it to my attention.  A patch for that one is applied in 2.6.12-r5 now.

It would be great if the last arch to stable 2.6.12-r5 could remove 2.6.12-r2 and 2.6.12-r4 from the tree (or remind me to do it).  Thank you!
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2012-09-22 23:16:50 UTC
(In reply to comment #7)
> 
> I missed bug #428708 previously.  Thanks for bringing it to my attention.  A
> patch for that one is applied in 2.6.12-r5 now.
> 


Great, thank you.

Arches, please test and mark stable:
=media-gfx/gimp-2.6.12-r5
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 9 Vicente Olivert Riera (RETIRED) gentoo-dev 2012-09-23 11:02:08 UTC
amd64: all fine.
Comment 10 Richard Freeman gentoo-dev 2012-09-23 11:25:13 UTC
amd64 stable
Comment 11 Jeroen Roovers gentoo-dev 2012-09-24 01:23:02 UTC
Stable for HPPA.
Comment 12 Andreas Schürch gentoo-dev 2012-09-24 11:36:04 UTC
x86 done.
Comment 13 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2012-09-28 17:01:34 UTC
ppc64 stable
Comment 14 Anthony Basile gentoo-dev 2012-09-29 04:56:20 UTC
stable ppc
Comment 15 Raúl Porcel (RETIRED) gentoo-dev 2012-09-29 16:10:03 UTC
alpha/ia64/sparc stable
Comment 16 Sean Amoss gentoo-dev Security 2012-09-30 02:48:16 UTC
Thanks, everyone.

Filing a new GLSA request.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2013-11-10 15:14:20 UTC
This issue was resolved and addressed in
 GLSA 201311-05 at http://security.gentoo.org/glsa/glsa-201311-05.xml
by GLSA coordinator Sean Amoss (ackle).