Stefan Cornelius of Secunia Research discovered an integer overflow flaw in the way Gimp's PSD decoder processes certain PSD files. This flaw could allow a malicious PSD file to execute arbitrary code as the user running Gimp.
Created tracking bugs for this issue

CVE-2007-2949 Affects: F7 [bug #244402]
CVE-2007-2949 Affects: FC5 [bug #244403]
CVE-2007-2949 Affects: FC6 [bug #244404]
CVE-2007-2949 Affects: rhel-2.1 [bug #244405]
CVE-2007-2949 Affects: rhel-3 [bug #244406]
CVE-2007-2949 Affects: rhel-4.5.z [bug #244407]
CVE-2007-2949 Affects: rhel-4.6 [bug #244408]
CVE-2007-2949 Affects: rhel-5.0.z [bug #244409]
CVE-2007-2949 Affects: rhel-5.1 [bug #244410]
Lifting embargo
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0513.html

Fedora:
  updated to fixed upstream version