CVE-2010-4542
Published: 7 January 2011
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
Priority
Status
Package | Release | Status |
---|---|---|
gimp Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(2.4.5-1ubuntu2.3)
|
|
karmic |
Released
(2.6.7-1ubuntu1.2)
|
|
lucid |
Released
(2.6.8-2ubuntu1.2)
|
|
maverick |
Released
(2.6.10-1ubuntu3.2)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.gnome.org/browse/gimp/commit/?id=7fb0300e1cfdb98a3bde54dbc73a0f3eda375162 |
||
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. |