RHSA-2011:0839: Moderate: gimp security update

First published: Tue May 31 2011(Updated: )

The GIMP (GNU Image Manipulation Program) is an image composition and<br>editing program.<br>A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro<br>(PSP) image file plug-in. An attacker could create a specially-crafted PSP<br>image file that, when opened, could cause the PSP plug-in to crash or,<br>potentially, execute arbitrary code with the privileges of the user running<br>the GIMP. (CVE-2010-4543)<br>A stack-based buffer overflow flaw was found in the GIMP's Lightning,<br>Sphere Designer, and Gfig image filters. An attacker could create a<br>specially-crafted Lightning, Sphere Designer, or Gfig filter configuration<br>file that, when opened, could cause the relevant plug-in to crash or,<br>potentially, execute arbitrary code with the privileges of the user running<br>the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)<br>Users of the GIMP are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The GIMP must be<br>restarted for the update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2011:0839
• agent/severity
• agent/weakness
• agent/title
• agent/references
• agent/description
• agent/tags
• agent/type
• agent/event
• agent/softwarecombine
• agent/first-publish-date
• agent/remedy
• agent/last-modified-date
• package-manager/redhat