Fedora Account System
Red Hat Associate
Red Hat Customer
Stefan Cornelius of Secunia Research discovered an integer overflow flaw in the way Gimp's PSD decoder processes certain PSD files. This flaw could allow a malicious PSD file to execute arbitrary code as the user running Gimp.
Created tracking bugs for this issue CVE-2007-2949 Affects: F7 [bug #244402] CVE-2007-2949 Affects: FC5 [bug #244403] CVE-2007-2949 Affects: FC6 [bug #244404] CVE-2007-2949 Affects: rhel-2.1 [bug #244405] CVE-2007-2949 Affects: rhel-3 [bug #244406] CVE-2007-2949 Affects: rhel-4.5.z [bug #244407] CVE-2007-2949 Affects: rhel-4.6 [bug #244408] CVE-2007-2949 Affects: rhel-5.0.z [bug #244409] CVE-2007-2949 Affects: rhel-5.1 [bug #244410]
Lifting embargo
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-0513.html Fedora: updated to fixed upstream version