Bugzilla – Bug 662043
VUL-0: gimp: four buffer overflows in plugins
Last modified: 2018-05-08 00:50:54 UTC
A CVE has been requested for gimp buffer overflows: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497 via OSS-sec.
via OSS-sec:

I'm going to give this four. We *might* be able to get away with two, but since they're all in quite different bits of code, I'm betting the affected versions are different, and it's likely upstream is going to fix these all at different times in their SCM.

CVE-2010-4540 gimp LIGHTING EFFECTS > LIGHT plugin stack buffer overflow
CVE-2010-4541 gimp SPHERE DESIGNER plugin stack buffer overflow
CVE-2010-4542 gimp GFIG plugin stack buffer overflow
CVE-2010-4543 gimp heap overflow read_channel_data() in file-psp.c

Thanks. -- JB
The SWAMPID for this issue is 38026. This issue was rated as moderate. Please submit fixed packages until 2011-01-18. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Please also fix bnc#598892 along with it (from the planned update queue).
Since the buffer overflows are public and it wasn't reported upstream, I filed a bug upstream with a more detailed analysis: https://bugzilla.gnome.org/show_bug.cgi?id=639203. Don't know if it should be sent to oss-sec...
Feel free to do so, but since the issues came via oss-sec, they are at least aware of the bugs. Which dists do we need to do updates for?
(In reply to comment #5)

> Feel free to do so, but since the issues came via oss-sec,
> they are at least aware of the bugs.

Oh, I know the issue was sent on it, but I was thinking that people would possibly want to follow the upstream bug.

> Which dists do we need to do updates for?

openSUSE 11.2 & 11.3 for sure. Quickly looking at SLE, SLE-10 and higher need an update (gimp 2.2 has at least one of the vulnerabilities). I don't think SLE-9 is affected, but someone would need to take a closer look.
CVE-2010-4540: CVSS v2 Base Score: 4.3 (low) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
CVE-2010-4541: CVSS v2 Base Score: 4.3 (low) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
CVE-2010-4542: CVSS v2 Base Score: 4.3 (low) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)
CVE-2010-4543: CVSS v2 Base Score: 4.3 (low) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Buffer Errors (CWE-119)

Because of this low CVSS rating we should think about putting it on "planned updates". Sebastian, what do you think?
Ludwig mentions that CVE-2010-4540, CVE-2010-4541 and CVE-2010-4542 only affect the handling of the *config* file. CVE-2010-4543 is the interesting one which affects image parsing.

The CVSS rating of the bug differs a lot between NVD and RH:

NVD: CVE-2010-4543: CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)
RH: CVE-2010-4543: CVSS v2 Base Score: 4.3 (low) (AV:N/AC:M/Au:N/C:N/I:N/A:P)

I would rate this bug somewhere between them (5.4). I vote for an update.
FWIW, there's still no fix upstream for CVE-2010-4543.
Fix submitted for 11.2 and 11.3: sr#61229, sr#61230. Scott: can someone in your team handle the SLE part?
Vincent, was bnc#598892 fixed by your submission too?
Ah... seems to be a sled11 problem only. Scott, can you take care that the patch for bnc#598892 is included? Thanks.
(In reply to comment #10)

> Fix submitted for 11.2 and 11.3: sr#61229, sr#61230.
>
> Scott: can someone in your team handle the SLE part?

I'll take this one.
Submitted fix to SLE11-SP1 #10969. This submission includes the fix for bnc#598892.

Submitted fix to SLE10-SP4 #10971. This one was a little trickier as the affected files and functions have been moved around and renamed since version 2.2. The fix logic was applied in all cases though. SLE10 does not suffer from bnc#598892.
Update released for: gimp, gimp-branding-upstream, gimp-debuginfo, gimp-debugsource, gimp-devel, gimp-devel-debuginfo, gimp-help-browser, gimp-help-browser-debuginfo, gimp-lang, gimp-module-hal, gimp-module-hal-debuginfo, gimp-plugins-python, gimp-plugins-python-debuginfo

Products:
openSUSE 11.2 (debug, i586, x86_64)
openSUSE 11.3 (debug, i586, x86_64)
Update released for: gimp, gimp-branding-upstream, gimp-debuginfo, gimp-debugsource, gimp-devel, gimp-doc, gimp-lang, gimp-plugins-python

Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
Update released for: gimp, gimp-debuginfo, gimp-devel

Products:
SLE-DESKTOP 10-SP3 (i386, x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
All released.
This is an autogenerated message for OBS integration: This bug (662043) was mentioned in https://build.opensuse.org/request/show/603017 Factory / gimp
This is an autogenerated message for OBS integration: This bug (662043) was mentioned in https://build.opensuse.org/request/show/605190 15.0 / gimp