Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-4542

Published: 7 January 2011

Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.

Priority

Low

Status

Package Release Status
gimp
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy
Released (2.4.5-1ubuntu2.3)
karmic
Released (2.6.7-1ubuntu1.2)
lucid
Released (2.6.8-2ubuntu1.2)
maverick
Released (2.6.10-1ubuntu3.2)
upstream Needs triage

Patches:
upstream: http://git.gnome.org/browse/gimp/commit/?id=7fb0300e1cfdb98a3bde54dbc73a0f3eda375162
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.