MDVSA-2011:103 -- Mandriva gimpID: oval:org.secpod.oval:def:301030 | Date: (C)2012-01-07 (M)2023-11-13 |
Class: PATCH | Family: unix |
Multiple vulnerabilities was discovered and fixed in gimp: Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself . Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Number of lights field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself . Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself . Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a PSP_COMP_RLE image file that begins a long run count at the end of the image . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |