Bug 248053 (CVE-2007-3741)

Summary: CVE-2007-3741 Gimp image loader multiple input validation flaws
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-22 22:04:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 247566, 247567, 247568, 247569, 247570, 247571, 247572, 247573, 247574, 833902    
Bug Blocks:    

Description Josh Bressers 2007-07-12 20:17:59 UTC 
The release of Gimp 2.2.16 fixed this item:
- improved input value validation in several file plug-ins (bug #453973)

This bug:
http://bugzilla.gnome.org/show_bug.cgi?id=453973

fixes several input validation flaws in the way the Gimp loads various
Comment 1 Nils Philippsen 2007-07-13 09:42:05 UTC 
the psd fixes cause a regression with images that contain zero
width/height layers
Comment 2 Nils Philippsen 2007-07-13 09:50:19 UTC 
waiting for 2.2.17 which should be ready soon
Comment 3 Nils Philippsen 2007-07-13 20:17:10 UTC 
built pkgs for RHEL2.1 - RHEL5 with fixes for (as of yet) known security issues
Comment 5 Vincent Danen 2010-12-22 22:04:41 UTC 
This was addressed via:

Red Hat Enterprise Linux version 2.1 (RHSA-2007:0513)
Red Hat Enterprise Linux version 3 (RHSA-2007:0513)
Red Hat Enterprise Linux version 4 (RHSA-2007:0513)
Red Hat Enterprise Linux version 5 (RHSA-2007:0513)