List:       oss-security
Subject:    Re: [oss-security] CVE Request: Gimp memory corruption vulnerability
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-11-27 5:52:26
Message-ID: 50B4551A.7030608 () redhat ! com

On 11/21/2012 10:19 AM, Andrés Gómez Ramírez wrote:
> Hello, could a CVE be assigned to this issue?
> 
> Name: Gimp memory corruption vulnerability
> Software: GIMP 2.8.2
> Software link: http://www.gimp.org/ <http://plib.sourceforge.net/> 
> Vulnerability Type: Memory Corruption
> 
> Description:
> 
> GIMP 2.8.2 is vulnerable to memory corruption when reading XWD
> files, which could lead even to arbitrary code execution.
> 
> Upstream fix:
> http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
> (fixed in master and gimp-2-8)
> 
> References: https://bugzilla.gnome.org/show_bug.cgi?id=687392
> 
> Thanks,
> 
> Andres Gomez.

Apologies for the delay, I had some mail filter issues that I have now
fixed so I won't miss these in future.

Also if there were any other CVE requests that were also CC'ed to
full-disclosure or Bugtraq that I haven't dealt with please ping me
and I'll get to them asap.

Please use CVE-2012-5576 for this issue.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993