Rapid7 Vulnerability & Exploit Database

RHSA-2011:0837: gimp security update

Back to Search

RHSA-2011:0837: gimp security update

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
11/13/2009
Created
07/25/2018
Added
06/02/2011
Modified
07/04/2017

Description

The GIMP (GNU Image Manipulation Program) is an image composition andediting program.An integer overflow flaw, leading to a heap-based buffer overflow, wasfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal ComputereXchange (PCX) image file plug-ins. An attacker could create aspecially-crafted BMP or PCX image file that, when opened, could cause therelevant plug-in to crash or, potentially, execute arbitrary code with theprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro(PSP) image file plug-in. An attacker could create a specially-crafted PSPimage file that, when opened, could cause the PSP plug-in to crash or,potentially, execute arbitrary code with the privileges of the user runningthe GIMP. (CVE-2010-4543)A stack-based buffer overflow flaw was found in the GIMP's Sphere Designerimage filter. An attacker could create a specially-crafted Sphere Designerfilter configuration file that, when opened, could cause the SphereDesigner plug-in to crash or, potentially, execute arbitrary code with theprivileges of the user running the GIMP. (CVE-2010-4541)Red Hat would like to thank Stefan Cornelius of Secunia Research forresponsibly reporting the CVE-2009-1570 flaw.Users of the GIMP are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. The GIMP must berestarted for the update to take effect.

Solution(s)

  • redhat-upgrade-gimp
  • redhat-upgrade-gimp-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;