gimp

• Author: voroskoi
• Vulnerable: 2.2.13-1
• Unaffected: 2.2.13-2terminus1

Marsu has discovered a vulnerability in Gimp, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error within the “set_color_table()” function in plug-ins/common/sunras.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted .RAS file. Successful exploitation may allow the execution of arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/2007

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356