Description:
Summary: The remote host is missing an update for the 'gimp' package(s) announced via the ELSA-2007-0513 advisory.
Vulnerability Insight:
[1.2.3-20.9.el3]
- validate bytesperline header field when loading PCX files (#247570)

[1.2.3-20.8.el3]
- reduce GIMP_MAX_IMAGE_SIZE to 2^18 to detect bogus image widths/heights (#247570)

[1.2.3-20.7.el3]
- replace gimp_error() by gimp_message()/gimp_quit() in a few plugins so they don't crash but gracefully exit when encountering error conditions
- fix endianness issues in the PSP plugin to avoid it doing (seemingly) endless loops when loading images
- fix endianness issues in the PCX plugin which cause it to not detect corrupt images

[1.2.3-20.6.el3]
- add ChangeLog entry to psd-invalid-dimensions patch (#247570)
- validate size values read from files before using them to allocate memory in various file plugins (#247570, patch by Mukund Sivaraman and Raphaël Quinet, adapted)
- detect invalid image data when reading files in several plugins (#247570, patch by Sven Neumann and Raphaël Quinet, adapted)
- validate size values read from files before using them to allocate memory in the PSD and sunras plugins (#247570, patch by Mukund Sivaraman and Sven Neumann, partly adapted)
- add safeguard to avoid crashes while loading corrupt PSD images (#247570, patch by Raphaël Quinet, adapted)
- convert spec file to UTF-8

[1.2.3-20.5.el3]
- use adapted upstream PSD fix by Sven Neumann (#244406)

[1.2.3-20.4.el3]
- refuse to open PSD files with insanely large dimensions (#244406)
Affected Software/OS: 'gimp' package(s) on Oracle Linux 3, Oracle Linux 4, Oracle Linux 5.
Solution: Please install the updated package(s).
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P