Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

GIMP (Gnu Image Manipulation Program) - Local hacker automatic control

Version: 2.2.15 and prior.
Technical Details:

Arbitrary code execution due to integer overflow vulnerabilities in GIMP when handling DICOM, PNM, PSD, PSP, Sun RAS, XBm, and XWD file formats. The vulnerability in the Sun RAS format handling has been known since April, but the other formats are new disclosures.

Description:

iDefense have released an advisory that expands on a previously known issue (Sunnet Alert Advisory #227 - April 07) affecting GIMP and the handling of various image types through external plugins. Previously, it was known that the SunRAS format was vulnerable, but numerous other formats are now known to be vulnerable.

Successful exploitation requires the victim to open a malicious image file in GIMP.

Mitigation:

Update to GIMP version 2.2.16 at the earliest opportunity. Alternatively, move unused (and affected) image handling plugins out of the gimp/2.0/plug-ins directory.

Updates:

http://developer.gimp.org/NEWS-2.2

Source:

http://labs.idefense.com/intelligence/vulnerabilities/

Exploits:

External Tracking Data:

CVE-ID: CVE-2006-4519


Social bookmark this page