Bug 704512 (CVE-2011-1782)
Summary: | CVE-2011-1782 Gimp: Incomplete fix for CVE-2010-4543 PSP plug-in heap overflow issue | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | nphilipp, security-response-team, tpelka |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-19 21:48:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 537809, 537810, 537811, 703803, 703804, 706939, 833903 | ||
Bug Blocks: |
Description
Jan Lieskovsky
2011-05-13 14:01:00 UTC
Proposed patch from Nils Philippsen to address this problem: diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c index 7e620fb..9ae5395 100644 --- a/plug-ins/common/file-psp.c +++ b/plug-ins/common/file-psp.c @@ -1200,7 +1200,7 @@ read_channel_data (FILE *f, fread (buf, runcount, 1, f); /* prevent buffer overflow for bogus data */ - runcount = MIN (runcount, endq - q); + runcount = MIN (runcount, (endq - q) / bytespp); if (bytespp == 1) { The CVE identifier of CVE-2011-1782 has been assigned to this issue. Created gimp tracking bugs for this issue Affects: fedora-all [bug 706939] |