Bug 150677
Summary: | CAN-2005-0654 gimp GIF DoS | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Josh Bressers <bressers> | ||||
Component: | gimp | Assignee: | Nils Philippsen <nphilipp> | ||||
Status: | CLOSED NOTABUG | QA Contact: | David Lawrence <dkl> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 4.0 | Keywords: | Security | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | impact=none,public=20050304,source=cve,reported=20050307 | ||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2005-03-21 12:02:53 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Josh Bressers
2005-03-09 16:11:26 UTC
Created attachment 111813 [details]
Demo image which triggers this issue.
This issue should also affect RHEL3 and RHEL2.1. Hmm, with gimp-2.2.4, this crashes the GIF _plugin_ in an assertion. I don't see how it should affect the main application. Nevertheless I'll backport the fix which is in upstream CVS for RHEL/Fedora, because upstream won't bother to backport it themselves (see their bugzilla). Crashing a client application on load of a malicious image is not a security issue -- don't load the bad image. Closing. |