Red Hat Bugzilla – Bug 879302
CVE-2012-5576 gimp (XWD plug-in): Stack-based buffer overflow when loading XWD file
Last modified: 2016-03-04 07:14:59 EST
A stack-based buffer overflow flaw was found in the way GIMP, the GNU Image Manipulation Program, performed loading of certain X Window System (XWD) image dumps. A remote attacker could provide a specially-crafted XWD format image file that, when processed, would lead to gimp XWD plug-in crash or, potentially, arbitrary code execution with the privileges of the user running the gimp executable.
Upstream bug report:
This issue affects the versions of the gimp package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the gimp package, as shipped with Fedora release of 16 and 17. Please schedule an update.
Created gimp tracking bugs for this issue
Affects: fedora-all [bug 879306]
Created attachment 649873 [details]
Local copy of the reproducer image
This issue has been assigned CVE-2012-5576 via:
gimp-2.8.4-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2013:1778 https://rhn.redhat.com/errata/RHSA-2013-1778.html