The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux | Mandriva | * | * |
| Red Hat Enterprise Linux 2.1 | RedHat | gimp-1:1.2.1-7.8.el2_1 | * |
| Red Hat Enterprise Linux 3 | RedHat | gimp-1:1.2.3-20.9.el3 | * |
| Red Hat Enterprise Linux 4 | RedHat | gimp-1:2.0.5-7.0.7.el4 | * |
| Red Hat Enterprise Linux 5 | RedHat | gimp-2:2.2.13-2.0.7.el5 | * |
| Gimp | Ubuntu | dapper | * |
| Gimp | Ubuntu | edgy | * |
| Gimp | Ubuntu | feisty | * |
| Gimp | Ubuntu | gutsy | * |
| Gimp | Ubuntu | upstream | * |
References
- http://osvdb.org/42128
- http://osvdb.org/42129
- http://osvdb.org/42130
- http://osvdb.org/42131
- http://secunia.com/advisories/26575
- http://secunia.com/advisories/26939
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:170
- http://www.redhat.com/support/errata/RHSA-2007-0513.html
- http://www.securityfocus.com/bid/25424
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10099
- http://osvdb.org/42128
- http://osvdb.org/42129
- http://osvdb.org/42130
- http://osvdb.org/42131
- http://secunia.com/advisories/26575
- http://secunia.com/advisories/26939
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:170
- http://www.redhat.com/support/errata/RHSA-2007-0513.html
- http://www.securityfocus.com/bid/25424
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10099