Gimp PSD Image Parsing Integer Overflow Vulnerability

Gimp PSD Image Parsing Integer Overflow Vulnerability
SECUNIA ADVISORY ID: SA37348
VERIFY ADVISORY: http://secunia.com/advisories/37348/
DESCRIPTION: Secunia Research has discovered a vulnerability in Gimp, which potentially can be exploited by malicious people compromise a user’s system.
The vulnerability is caused due to an integer overflow within the “read_channel_data()” function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file.
The vulnerability is confirmed in version 2.6.7. Other versions may also be affected.
SOLUTION: Fixed in the GIT repository. http://git.gnome.org/cgit/gimp/commit/?id=9cc8d78ff33b7a36852b74e64b427489cad44d0e http://git.gnome.org/cgit/gimp/commit/?id=0e440cb6d4d6ee029667363d244aff61b154c33c
PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research.
ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2009-43/
———————————————————————-

mobile

Dieser Beitrag wurde am Dienstag 17. November 2009, 18:20 unter Bugs / Fehlermeldungen verfasst. Sie können alle Antworten auf diesen Beitrag nachverfolgen mit RSS 2.0. Sie können eine Antwort, oder einen Trackback von Ihrer eigenen Seite hinterlassen.

M	D	M	D	F	S	S
« Aug
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Gimp PSD Image Parsing Integer Overflow Vulnerability

Kalender

Meta