Bugzilla – Bug 791372
VUL-1: CVE-2012-5576: gimp: memory corruption via XWD files
Last modified: 2019-08-28 22:49:13 UTC
Via OSS-sec:
From: Andrés Gómez Ramírez
Date: Wed, 21 Nov 2012 12:19:35 -0500
To: oss-security
Name: Gimp memory corruption vulnerability
Software: GIMP 2.8.2
Software link: http://www.gimp.org/ <http://plib.sourceforge.net/>
Vulnerability Type: Memory Corruption
Description: GIMP 2.8.2 is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution.
Upstream fix: http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1 (fixed in master and gimp-2-8)
References: https://bugzilla.gnome.org/show_bug.cgi?id=687392
Thanks, Andres Gomez.
CVE-2012-5576
-> gnome team for opensuse (does this affect older versions?)
- openSUSE Factory contains gimp 2.8.2, which is the reported vulnerability
- openSUSE 12.2 shipped with 2.8.0, where the patch applies cleanly.
- openSUSE 12.1 shipped gimp 2.6.1, where the patch applies with very small changes, so very likely it is affected.
bugbot adjusting priority
openSUSE-SU-2012:1623-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 791372
CVE References: CVE-2012-5576
Sources used:
openSUSE 12.2 (src): gimp-2.8.0-3.9.1
openSUSE 12.1 (src): gimp-2.6.11-28.30.1
opensuse done, SLE still open, but planned only.
This is an autogenerated message for OBS integration: This bug (791372) was mentioned in https://build.opensuse.org/request/show/145228 Evergreen:11.2 / gimp
This is an autogenerated message for OBS integration: This bug (791372) was mentioned in https://build.opensuse.org/request/show/145249 Evergreen:11.2 / gimp
Added patch for sle11 and adapted the patch for the gimp-2.2 version in sle10-SP4. I don't have a good way to test this, so I had HPJ code review and he noticed a small memory leak caused by the error condition exit. Also, the patch could be safer by checking "maxred >= sizeof(redmap)" rather than "maxred > sizeof(redmap)", as the code later writes to the redmap[maxred] element. The unique way that maxred is calculated (by bit shifting) and the size of redmap make this not currently happen, but a change in either would need the safer check.
Submission for sle11 and sle10-sp4 (including both the above changes):
sle11 - #23138
sle10 - #23137
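The difference between the two comparisons in the comment above, as an added example that is not part of the original bug report and is not GIMP's code. The function names, the 256-entry map size and the sample masks are assumptions made for illustration; only maxred, redmap and the two comparisons come from the comment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAP_SIZE 256 /* assumed map size; the comment only names redmap */

/* Largest channel value for a mask, derived by bit shifting as the comment
 * describes for maxred. The result is always 2^k - 1 (0 for an empty mask). */
static uint32_t channel_max(uint32_t mask)
{
    unsigned shift = 0, bits = 0;
    if (mask == 0)
        return 0;
    while (((mask >> shift) & 1u) == 0)
        shift++;
    while (shift + bits < 32 && (mask >> (shift + bits)) != 0)
        bits++;
    return bits >= 32 ? UINT32_MAX : ((uint32_t)1 << bits) - 1;
}

/* "max > size" as the rejection test: lets max == size through. */
static int accepts_gt(uint32_t max, size_t size) { return !(max > size); }

/* "max >= size" as the rejection test: max is an index, so it must be < size. */
static int accepts_ge(uint32_t max, size_t size) { return !(max >= size); }

/* Fill map[0..max] with values scaled to 0..255; -1 on a rejected mask. */
static int fill_map(uint32_t mask, uint8_t *map, size_t size)
{
    uint32_t v, max = channel_max(mask);
    if (max == 0 || !accepts_ge(max, size))
        return -1;
    for (v = 0; v <= max; v++) /* the last write is map[max] */
        map[v] = (uint8_t)((v * 255u) / max);
    return 0;
}

int main(void)
{
    uint8_t map[MAP_SIZE];
    /* Constructed masks: 8-bit and 9-bit wide channels. */
    printf("8-bit mask: %d\n", fill_map(0x00FF0000u, map, sizeof map));
    printf("9-bit mask: %d\n", fill_map(0x01FF0000u, map, sizeof map));
    /* Same 8-bit channel, but a 255-entry map: only ">=" rejects index 255. */
    printf("gt=%d ge=%d\n", accepts_gt(255, 255), accepts_ge(255, 255));
    return 0;
}
```

With a 256-entry map both comparisons agree, because a value of the form 2^k - 1 is never exactly 256; they diverge as soon as the map size or the way the maximum is computed changes.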
Hm, according to comment6, this is planned only, so no submissions needed yet until other bugs are fixed along.
Created attachment 520125: gimp-CVE-2012-5576.patch
patch in use for SLE11 (for the record)
The SWAMPID for this issue is 55797. This issue was rated as moderate. Please submit fixed packages until 2014-01-27. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: gimp, gimp-branding-upstream, gimp-debuginfo, gimp-debugsource, gimp-devel, gimp-doc, gimp-lang, gimp-plugins-python
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SUSE-SU-2014:0214-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 791372,853423,853425
CVE References: CVE-2012-5576,CVE-2013-1913,CVE-2013-1978
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): gimp-2.6.2-3.34.45.1
SUSE Linux Enterprise Desktop 11 SP3 (src): gimp-2.6.2-3.34.45.1
released
This is an autogenerated message for OBS integration: This bug (791372) was mentioned in https://build.opensuse.org/request/show/603017 Factory / gimp
This is an autogenerated message for OBS integration: This bug (791372) was mentioned in https://build.opensuse.org/request/show/605190 15.0 / gimp