Red Hat Bugzilla – Bug 838941
CVE-2012-3402 gimp (PSD plug-in): Heap-buffer overflow by decoding certain PSD headers
Last modified: 2016-03-04 06:19:06 EST
A heap-based buffer overflow flaw was found in the way Adobe Photoshop(tm) PSD plug-in of Gimp, the GNU Image Manipulation Program, performed decoding of headers, when loading certain Adobe Photoshop image files. A remote attacker could provide a specially-crafted PSD image file that, when opened in Gimp would lead to PSD plug-in crash or, potentially, arbitrary code execution with the privileges of the user running gimp executable.
This issue was found by Jan Lieskovsky of the Red Hat Security Response Team
The CVE identifier of CVE-2012-3402 has been assigned to this issue.
Created attachment 603059 [details]
Patch to fix CVEs 2009-3909 and 2012-3402
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:1181 https://rhn.redhat.com/errata/RHSA-2012-1181.html