[GIMP] Multiple Integer Overflow Vulnerabilities (CVE-2006-4519)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
The Gimp | Fix Released | High | | |
gimp (Ubuntu) | Fix Released | Medium | Kees Cook | |
Bug Description
Binary package hint: gimp
From:
http://
"iDefense has confirmed that version 2.2.15 of The GIMP is vulnerable on both Linux and Windows platforms. It is suspected that all previous versions of the GIMP are also affected."
"Remote exploitation of multiple integer overflow vulnerabilities in several of the image loader plug-ins included with distributions of 'The GIMP' allow attackers to crash The GIMP or potentially execute arbitrary code with the privileges of the user."
"Exploitation allows attackers to execute arbitrary code in the context of the user opening a malicious image file. In order to be successful, the attacker must convince the victim into opening a maliciously crafted image with The GIMP."
"The GIMP maintainers have released version 2.2.16 to address these vulnerabilities. For more information, consult the following URL.
http://
Please provide fixed packages as soon as possible. Thanks.
CVE References
Changed in gimp:
status: Unknown → Fix Released
Changed in gimp:
assignee: nobody → keescook
importance: Undecided → Medium
status: New → Fix Released
Changed in gimp:
importance: Unknown → High
Bug report can be closed for Ubuntu since updated packages for the stable releases are available (USN-494-1).
(http://www.ubuntu.com/usn/usn-494-1)