Info

Disclosure

Aug 20, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

GIMP is prone to an overflow condition. This issue is triggered when an error occurs in plug-ins/common/psd.c during the decoding of a PSD image file header, which will result in a heap-based buffer overflow. With a specially crafted PSD file, a context-dependent attacker can potentially execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Third-Party Solution
Exploit: Exploit Unknown
Disclosure: Third-party Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Red Hat has released an updated package to address this vulnerability.

Products

The GIMP Team

Gimp

Unspecified

References

Security Tracker: 1027411
CVE ID: 2012-3402 (see also: NVD)
Secunia Advisory ID: 50358 50737
Vendor Specific News/Changelog Entry: http://www.gentoo.org/security/en/glsa/glsa-201209-23.xml
https://bugzilla.redhat.com/show_bug.cgi?id=838941
Vendor URL: http://www.gimp.org/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84835