[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2011:167 -- Mandriva gimp

ID: oval:org.secpod.oval:def:301127Date: (C)2012-01-07   (M)2023-11-10
Class: PATCHFamily: unix




A vulnerability has been discovered and corrected in gimp: The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895 . The updated packages have been patched to correct these issues.

Platform:
Mandriva Linux 2010.1
Product:
gimp
Reference:
MDVSA-2011:167
CVE-2011-2896
CVE    1
CVE-2011-2896
CPE    1
cpe:/o:mandriva:linux:2010.1

© SecPod Technologies