879302 – (CVE-2012-5576) CVE-2012-5576 gimp (XWD plug-in): Stack-based buffer overflow when loading XWD file

Bug 879302 (CVE-2012-5576) - CVE-2012-5576 gimp (XWD plug-in): Stack-based buffer overflow when loading XWD file

Summary: CVE-2012-5576 gimp (XWD plug-in): Stack-based buffer overflow when loading XW...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-5576
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	879306 910362 910364 910366 910367
Blocks:	879318
TreeView+	depends on / blocked

Reported:	2012-11-22 14:58 UTC by Jan Lieskovsky
Modified:	2019-09-29 12:58 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-12-14 19:50:01 UTC
Embargoed:

Attachments	(Terms of Use)
Local copy of the reproducer image (593.07 KB, image/x-xwindowdump) 2012-11-22 15:28 UTC, Jan Lieskovsky	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:1778	0	normal	SHIPPED_LIVE	Moderate: gimp security update	2013-12-03 21:50:50 UTC

Description Jan Lieskovsky 2012-11-22 14:58:18 UTC

A stack-based buffer overflow flaw was found in the way GIMP, the GNU Image Manipulation Program, performed loading of certain X Window System (XWD) image dumps. A remote attacker could provide a specially-crafted XWD format image file that, when processed, would lead to gimp XWD plug-in crash or, potentially, arbitrary code execution with the privileges of the user running the gimp executable.

References:
[1] http://www.openwall.com/lists/oss-security/2012/11/21/2

Upstream bug report:
[2] https://bugzilla.gnome.org/show_bug.cgi?id=687392

Relevant patch:
[3] http://git.gnome.org/browse/gimp/commit/?id=0b35f6a082a0b3c372c568ea6bde39a4796acde2

Reproducer:
[4] https://bugzilla.gnome.org/show_bug.cgi?id=687392#c1

Comment 1 Jan Lieskovsky 2012-11-22 15:03:10 UTC

This issue affects the versions of the gimp package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the gimp package, as shipped with Fedora release of 16 and 17. Please schedule an update.

Comment 2 Jan Lieskovsky 2012-11-22 15:04:32 UTC

Created gimp tracking bugs for this issue

Affects: fedora-all [bug 879306]

Comment 3 Jan Lieskovsky 2012-11-22 15:28:44 UTC

Created attachment 649873 [details]
Local copy of the reproducer image

Comment 4 Huzaifa S. Sidhpurwala 2012-11-27 05:57:13 UTC

This issue has been assigned CVE-2012-5576 via:
http://www.openwall.com/lists/oss-security/2012/11/27/1

Comment 7 Fedora Update System 2013-02-21 05:37:22 UTC

gimp-2.8.4-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 errata-xmlrpc 2013-12-03 16:51:52 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:1778 https://rhn.redhat.com/errata/RHSA-2013-1778.html

Note You need to log in before you can comment on or make changes to this bug.