REDHAT-BUG-703405: Buffer Overflow
First published: Tue May 10 2011(Updated: )
Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2010-4542">CVE-2010-4542</a> to the following vulnerability: Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. References: [1] <a href="http://openwall.com/lists/oss-security/2011/01/03/2">http://openwall.com/lists/oss-security/2011/01/03/2</a> [2] <a href="http://openwall.com/lists/oss-security/2011/01/04/7">http://openwall.com/lists/oss-security/2011/01/04/7</a> [3] <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497</a> [4] <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2010-4540 Gimp: Stack-based buffer overflow in Lighting plug-in" href="show_bug.cgi?id=666793">https://bugzilla.redhat.com/show_bug.cgi?id=666793</a> [5] <a href="http://osvdb.org/70283">http://osvdb.org/70283</a> [6] <a href="http://secunia.com/advisories/42771">http://secunia.com/advisories/42771</a> [7] <a href="http://www.vupen.com/english/advisories/2011/0016">http://www.vupen.com/english/advisories/2011/0016</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GIMP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2010-4542
- http://openwall.com/lists/oss-security/2011/01/03/2
- http://openwall.com/lists/oss-security/2011/01/04/7
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=666793
- http://osvdb.org/70283
- http://secunia.com/advisories/42771
- http://www.vupen.com/english/advisories/2011/0016
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=706939
- https://rhn.redhat.com/errata/RHSA-2011-0839.html
- https://rhn.redhat.com/errata/RHSA-2011-0838.html
- https://bugzilla.redhat.com/show_bug.cgi?id=703405
- collector/redhat-bugzilla
- alias/CVE-2010-4542
- agent/type
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gimp
- canonical/gimp