Advisories » MGASA-2013-0365

Updated gimp package fixes security vulnerabilities

Publication date: 06 Dec 2013
Modification date: 06 Dec 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-1913 , CVE-2013-1978

Description

An integer overflow flaw and a heap-based buffer overflow were found in
the way GIMP loaded certain X Window System (XWD) image dump files. A
remote attacker could provide a specially crafted XWD image file that,
when processed, would cause the XWD plug-in to crash or, potentially,
execute arbitrary code with the privileges of the user running the GIMP
(CVE-2013-1913, CVE-2013-1978).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11873
• https://rhn.redhat.com/errata/RHSA-2013-1778.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978

SRPMS

3/core

• gimp-2.8.2-3.1.mga3