853425 – (CVE-2013-1978) VUL-0: CVE-2013-1978: gimp: XWD plugin color map heap-based buffer overflow

Bug 853425 (CVE-2013-1978) - VUL-0: CVE-2013-1978: gimp: XWD plugin color map heap-based buffer overflow

Summary: VUL-0: CVE-2013-1978: gimp: XWD plugin color map heap-based buffer overflow

Status:	RESOLVED FIXED

Alias:	CVE-2013-1978

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2014-01-27
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp3:56086
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-12-03 17:30 UTC by Alexander Bergmann
Modified:	2014-02-11 10:36 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2013-12-03 17:30:51 UTC

Murray McAllister of the Red Hat Security Response Team has discovered a heap-based buffer overflow in the way GIMP, the GNU Image Manipulation Program, performed loading of certain X Window System (XWD) image dumps containing a small number of color map entries but a large number of colors. A remote attacker could provide a specially-crafted XWD format image file that, when processed, would lead to gimp XWD plug-in crash or, potentially, arbitrary code execution with the privileges of the user running the gimp executable.

CVE-2013-1978 was assigned to this issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1978
https://bugzilla.redhat.com/show_bug.cgi?id=953902

Comment 1 Swamp Workflow Management 2013-12-04 23:00:10 UTC

bugbot adjusting priority

Comment 2 Scott Reeves 2013-12-06 18:10:51 UTC

David - can you have someone from your take look into this...

Comment 3 Alexander Bergmann 2014-01-10 15:14:54 UTC

Upstream commit:

file-xwd: sanity check # of colors and map entries (CVE-2013-1978)

https://git.gnome.org/browse/gimp/commit/?id=23f685931e5f000dd033a45c60c1e60d7f78caf4

Comment 4 Swamp Workflow Management 2014-01-13 10:23:42 UTC

The SWAMPID for this issue is 55797.
This issue was rated as moderate.
Please submit fixed packages until 2014-01-27.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 5 David Liang 2014-01-26 06:51:33 UTC

submitted to sle11/sle11-sp1/sle11-sp2/sle11-sp3

Comment 12 Swamp Workflow Management 2014-02-10 11:50:41 UTC

Update released for: gimp, gimp-branding-upstream, gimp-debuginfo, gimp-debugsource, gimp-devel, gimp-doc, gimp-lang, gimp-plugins-python
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)

Comment 13 Swamp Workflow Management 2014-02-10 15:04:43 UTC

SUSE-SU-2014:0214-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 791372,853423,853425
CVE References: CVE-2012-5576,CVE-2013-1913,CVE-2013-1978
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    gimp-2.6.2-3.34.45.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    gimp-2.6.2-3.34.45.1

Comment 14 Marcus Meissner 2014-02-11 10:36:39 UTC

released