CVE-2006-3404
CVSS5.1
发布时间 :2006-07-06 16:05:00
修订时间 :2011-03-07 21:38:35
NMCOPS    

[原文]Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.


[CNNVD]Gimp XCF_load_vector函数栈溢出漏洞(CNNVD-200607-091)

        GIMP是GNU Image Manipulation Program(GNU图像处理程序)的缩写,是一款跨平台的图像处理软件。
        GIMP的xcf_load_vector()函数在加载XCF文件时存在栈溢出漏洞,攻击者可能利用此漏洞诱使用户打开恶意文件在用户机器上执行任意指令。
        恶意攻击者可以将很大的数字写入到XCF文件的num_axes字段位置,如果用户打开了该文件就会用文件中的数据覆盖部分栈缓冲区。在little-endian的系统中,实际读取浮点的xcf_read_float()函数对其读取的数据执行了字节顺序转换,但没有执行任何特别的浮点处理,因此攻击者可以直接控制写入栈中的数据。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:the_gimp_team:gimp:2.2.6
cpe:/a:the_gimp_team:gimp:2.2.11
cpe:/a:the_gimp_team:gimp:2.2.9
cpe:/a:the_gimp_team:gimp:2.2.8
cpe:/a:the_gimp_team:gimp:2.3.9

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:5908Security Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code
oval:org.mitre.oval:def:11259Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denia...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3404
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-091
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/18877
(PATCH)  BID  18877
http://secunia.com/advisories/20979
(VENDOR_ADVISORY)  SECUNIA  20979
https://issues.rpath.com/browse/RPL-522
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-522
http://xforce.iss.net/xforce/xfdb/27687
(UNKNOWN)  XF  gimp-xcfloadvector-bo(27687)
http://www.vupen.com/english/advisories/2006/4634
(UNKNOWN)  VUPEN  ADV-2006-4634
http://www.vupen.com/english/advisories/2006/2703
(UNKNOWN)  VUPEN  ADV-2006-2703
http://www.ubuntu.com/usn/usn-312-1
(UNKNOWN)  UBUNTU  USN-312-1
http://www.securityfocus.com/archive/1/archive/1/441030/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060724 rPSA-2006-0135-1 gimp
http://www.securityfocus.com/archive/1/archive/1/441012/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060724 ERRATA: [ GLSA 200607-08 ] GIMP: Buffer overflow
http://www.securityfocus.com/archive/1/archive/1/440987/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060724 Re: [ GLSA 200607-08 ] GIMP: Buffer overflow
http://www.redhat.com/support/errata/RHSA-2006-0598.html
(UNKNOWN)  REDHAT  RHSA-2006:0598
http://www.osvdb.org/27037
(UNKNOWN)  OSVDB  27037
http://www.novell.com/linux/security/advisories/2006_19_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:019
http://www.debian.org/security/2006/dsa-1116
(UNKNOWN)  DEBIAN  DSA-1116
http://securitytracker.com/id?1016527
(UNKNOWN)  SECTRACK  1016527
http://security.gentoo.org/glsa/glsa-200607-08.xml
(UNKNOWN)  GENTOO  GLSA-200607-08
http://secunia.com/advisories/21198
(UNKNOWN)  SECUNIA  21198
http://secunia.com/advisories/21182
(UNKNOWN)  SECUNIA  21182
http://secunia.com/advisories/21170
(UNKNOWN)  SECUNIA  21170
http://secunia.com/advisories/21104
(UNKNOWN)  SECUNIA  21104
http://secunia.com/advisories/21069
(UNKNOWN)  SECUNIA  21069
http://secunia.com/advisories/20976
(VENDOR_ADVISORY)  SECUNIA  20976
http://bugzilla.gnome.org/show_bug.cgi?id=346742
(UNKNOWN)  CONFIRM  http://bugzilla.gnome.org/show_bug.cgi?id=346742
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049
(UNKNOWN)  MISC  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=377049
http://www.mandriva.com/security/advisories?name=MDKSA-2006:127
(UNKNOWN)  MANDRIVA  MDKSA-2006:127
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200070-1
(UNKNOWN)  SUNALERT  200070
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102720-1
(UNKNOWN)  SUNALERT  102720
http://secunia.com/advisories/23044
(UNKNOWN)  SECUNIA  23044
http://secunia.com/advisories/21459
(UNKNOWN)  SECUNIA  21459

- 漏洞信息

Gimp XCF_load_vector函数栈溢出漏洞
中危 缓冲区溢出
2006-07-06 00:00:00 2009-03-04 00:00:00
远程  
        GIMP是GNU Image Manipulation Program(GNU图像处理程序)的缩写,是一款跨平台的图像处理软件。
        GIMP的xcf_load_vector()函数在加载XCF文件时存在栈溢出漏洞,攻击者可能利用此漏洞诱使用户打开恶意文件在用户机器上执行任意指令。
        恶意攻击者可以将很大的数字写入到XCF文件的num_axes字段位置,如果用户打开了该文件就会用文件中的数据覆盖部分栈缓冲区。在little-endian的系统中,实际读取浮点的xcf_read_float()函数对其读取的数据执行了字节顺序转换,但没有执行任何特别的浮点处理,因此攻击者可以直接控制写入栈中的数据。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.debian.org/security/2005/dsa-1116
        

- 漏洞信息 (F48465)

Debian Linux Security Advisory 1116-1 (PacketStormID:F48465)
2006-07-24 00:00:00
Debian  debian.org
advisory,overflow,arbitrary
linux,debian
CVE-2006-3404
[点击下载]

Debian Security Advisory 1116-1 - Henning Makholm discovered a buffer overflow in the XCF loading code of Gimp, an image editing program. Opening a specially crafted XCF image might cause the application to execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1116-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
July 21st, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gimp
Vulnerability  : buffer overflow
Problem-Type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2006-3404
Debian Bug     : 377049

Henning Makholm discovered a buffer overflow in the XCF loading code
of Gimp, an image editing program. Opening a specially crafted XCF
image might cause the application to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.6-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.2.11-3.1.

We recommend that you upgrade your gimp package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1.dsc
      Size/MD5 checksum:     1089 979559b33614105fa58413378d7c204b
    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1.diff.gz
      Size/MD5 checksum:    26122 c56e7ce33568fa577bb965d91a5c9e1c
    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6.orig.tar.gz
      Size/MD5 checksum: 20496404 a6450200858c59bb46ace6987f1fc6ee

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.6-1sarge1_all.deb
      Size/MD5 checksum:  6276584 013c82da61ca8f0c34e7b02995f9a2dc
    http://security.debian.org/pool/updates/main/g/gimp/gimp1.2_2.2.6-1sarge1_all.deb
      Size/MD5 checksum:    31674 f5bf9b1c4d272b6d6a293da92ff1b4cc
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.6-1sarge1_all.deb
      Size/MD5 checksum:   514958 5dcc11d084fd4e79e055493205cded03

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:  3872520 f14c5800c1bb4da15eef57a6c9122c61
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:    44970 2476f295f24498674678c8f21b35f26f
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:   126646 244ae4e14a57803e0e04eed254ee845b
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:    44794 5cc2a15a835d6649bbebdd068beaf5d3
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:   576492 bf73a2b8130cc7a945cdcccb0546ce0b
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_alpha.deb
      Size/MD5 checksum:    98262 7ff13a929c089f127fd29836f780dd38

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:  3266104 17d46a5010fb7451f6dfbd783caf73e6
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:    43722 0956d860d60ff4394ca0c9b9aac2957f
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:   122012 61a1ca703333bfad94692943c0e6ba86
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:    43464 496e21eff61fedf892eb2f8a52e92857
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:   543840 224ea85332d7e525aafa14cb1a639614
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_amd64.deb
      Size/MD5 checksum:    98234 a9f687bb252e9adbc91f81b67e42d3d9

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:  2938416 b0901f13d679d1bb41e91c56f22c41d8
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:    41934 042f39449706ba1362676520935d98a0
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:   114028 d3adb0e677eee5f8484674f1ec29ef11
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:    42280 2300ed4a4de2537e30ad4f4df2cf540d
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:   507710 0592a4510f85ebb8c03e74cb2d410d95
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_arm.deb
      Size/MD5 checksum:    98332 57de081bea0749832e5c82e6cbdb28e9

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:  3087556 d4a3d583f932d75e1c49f72a32e9de56
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:    42692 35dedb9373d46897709de62a6ba56f22
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:   117012 0a76a982e406a236658882f2dabdf464
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:    43238 4e585d74f341874b8a31aad60d246caf
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:   521758 bc33f00f99995ffd91ff9bb84c83c4c1
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_i386.deb
      Size/MD5 checksum:    98248 a7d5db0fdf8401bdaef4a9266db6c705

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:  4581614 af2d82f8c7d4373286f6872709d8bca4
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:    46600 9186a0e6efb81e461d725fa761694f07
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:   135808 7fa53fef4e3772b8f3087e9c5e37e5a0
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:    46852 24434b0212a6792901bc9e2fbbd2bb1f
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:   632324 c4335842b443c43c0dbe68797264d943
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_ia64.deb
      Size/MD5 checksum:    98240 f07c6a9cd8f7941ff7fd4a93589f7973

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:  3468190 e9a04a87c97ee78815a3e332dbcccff8
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:    43394 fed2f6e699416c5a03c1d3a130554418
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:   125686 19e8ee051e193546d55788c7b3fb1e7d
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:    43720 b4c52c60b267751689bc57fe7f1e3ded
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:   583078 bda2acb1a3b23edcd435730ea9c6cd0c
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_hppa.deb
      Size/MD5 checksum:    98302 618bf48bcfe82ee886ad1ec2c9da8746

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:  2697910 e90af18d0136fbf8d60e2089bac3dbc0
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:    42302 6cffc71d58aa261293428323840eadfa
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:   118392 e533fe00cf69d53713fea16f7c3c351b
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:    42140 b77201f3a42f7be876c13ce803833891
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:   520078 29e62d2417f9d4bd266e81a65e4d5201
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_m68k.deb
      Size/MD5 checksum:    98478 fe3705144e976a25c49330f2d0f958ab

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:  3448914 3236ee1f78e5d6a30cece944ea1c149e
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:    42690 e3a903955904332f1d6e14341de5c55d
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:   116280 4e4425ac5ccf0f7923aaa33817f4d3a9
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:    42960 8b6f4e92ed5b881e74fca99c4eac478f
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:   524600 978e3ab35f44bd1e516ded87d0fa1a11
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_mips.deb
      Size/MD5 checksum:    98256 b34836f926dea9bc7855c4fec1313db2

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:  3445558 fa88e0923517217e1ebc47dcc9e13e91
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:    42626 7df6dd0e0bcf0fd800b603ff62b088e4
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:   115598 f5e2fa780ab32a0e8d192209f42cf22c
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:    42882 8f2c5ead0311336fe8f9d5f73840bd66
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:   522138 172dad30e71dacab1aaedfbe2b9ab404
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_mipsel.deb
      Size/MD5 checksum:    98268 b7ad697195e7a622d584caef468bf24b

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:  3341118 c3bd01a81f343030030f7285fd35a9a2
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:    43938 66f8bf50052e465ab6306c0f93441fc1
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:   118214 7b22438747c7d7eb3ff1112607f36942
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:    44314 1452917365ca44d0849fd8783d5dc2b9
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:   539510 17896bbe9f778c125eed47e96f2582b0
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_powerpc.deb
      Size/MD5 checksum:    98282 c0c35190756c7bc71306d9e32e20770e

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:  3134704 5e3ee587e3af969dbe6b2acf8add98a6
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:    43896 17adcff9df203fcee2a2eccb4a7a78f6
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:   123904 b0f18ce58f5eb93fa64033b82b64f192
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:    43512 5ec341436fcf87c883a7bdff50eba154
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:   555508 eb2c9b65d19b333113a216499ca5b429
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_s390.deb
      Size/MD5 checksum:    98226 1883143a487595484af2def276b08017

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:  2929592 ab276607e00e8159b855d2d3ddbd7f49
    http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:    42236 0a2217eeb70903e12052b4111aac2c1d
    http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:   116426 3eac44e9e3e28330e075385b1197a984
    http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:    42440 464fe9823e9544cce55688ed1840bd38
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:   527522 ea220cad0822aaf7f580c0ad76f44cb2
    http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_sparc.deb
      Size/MD5 checksum:    98290 b543cfe8b332246e3e33c4d785fa8957


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEwP3pXm3vHE4uyloRAhpFAKCCOZdjTM6ucq4eMsCnjuwL9NLBkgCcCkzh
Fb/SjYzkUD0JG41kcwYFgGM=
=MFLL
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F48410)

Mandriva Linux Security Advisory 2006.127 (PacketStormID:F48410)
2006-07-20 00:00:00
Mandriva  mandriva.com
advisory,denial of service,overflow,arbitrary
linux,mandriva
CVE-2006-3404
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-127 - A buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp 2.2.x allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:127
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gimp
 Date    : July 18, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 A buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c 
 for gimp 2.2.x allows user-complicit attackers to cause a denial of
 service (crash) and possibly execute arbitrary code via an XCF file
 with a large num_axes value in the VECTORS property.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 ef770a8f1e5b894589b8f591486e00b9  2006.0/RPMS/gimp-2.2.8-6.1.20060mdk.i586.rpm
 f39e2f6d7bd2e88e47b696b58aa8023b  2006.0/RPMS/gimp-python-2.2.8-6.1.20060mdk.i586.rpm
 465e5b21384bc501d2e991922695811f  2006.0/RPMS/libgimp2.0_0-2.2.8-6.1.20060mdk.i586.rpm
 1df661eb0a251358f5bc7c6e35929b71  2006.0/RPMS/libgimp2.0-devel-2.2.8-6.1.20060mdk.i586.rpm
 708dd714d5514cfb89a947bca6604b73  2006.0/SRPMS/gimp-2.2.8-6.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 20fe9e1f09f22f770c608303edfad886  x86_64/2006.0/RPMS/gimp-2.2.8-6.1.20060mdk.x86_64.rpm
 a61b7e401cf01bb3715702d557b0fca6  x86_64/2006.0/RPMS/gimp-python-2.2.8-6.1.20060mdk.x86_64.rpm
 e1d614c2befbec26c478eb1303ad887e  x86_64/2006.0/RPMS/lib64gimp2.0_0-2.2.8-6.1.20060mdk.x86_64.rpm
 8b7168186005e221d8aa58d37349d36d  x86_64/2006.0/RPMS/lib64gimp2.0-devel-2.2.8-6.1.20060mdk.x86_64.rpm
 708dd714d5514cfb89a947bca6604b73  x86_64/2006.0/SRPMS/gimp-2.2.8-6.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEvVPXmqjQ0CJFipgRAnbwAKDawaKqriv1sTg+ZtwxXTnzJRz6dwCgxtWO
xmdCxTsvu/feOQNxMCxrcBY=
=LVOr
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F48171)

Ubuntu Security Notice 312-1 (PacketStormID:F48171)
2006-07-12 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary
linux,ubuntu
CVE-2006-3404
[点击下载]

Ubuntu Security Notice 312-1 - Henning Makholm discovered that the gimp does not sufficiently validate the 'num_axes' parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.

=========================================================== 
Ubuntu Security Notice USN-312-1              July 10, 2006
gimp vulnerability
CVE-2006-3404
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  gimp                           2.2.2-1ubuntu5.1
  libgimp2.0                     2.2.2-1ubuntu5.1

Ubuntu 5.10:
  gimp                           2.2.8-2ubuntu6.1
  libgimp2.0                     2.2.8-2ubuntu6.1

Ubuntu 6.06 LTS:
  gimp                           2.2.11-1ubuntu3.1
  libgimp2.0                     2.2.11-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Henning Makholm discovered that gimp did not sufficiently validate the
'num_axes' parameter in XCF files. By tricking a user into opening a
specially crafted XCF file with Gimp, an attacker could exploit this
to execute arbitrary code with the user's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.2-1ubuntu5.1.diff.gz
      Size/MD5:    25366 1c89e7a4876c8922baf9c3be9cce72b9
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.2-1ubuntu5.1.dsc
      Size/MD5:     1053 41cbd27c48207a245d8486d37c3bea44
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.2.orig.tar.gz
      Size/MD5: 20151209 eccbe0b2438be095222a6723e57c51a3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-data_2.2.2-1ubuntu5.1_all.deb
      Size/MD5:  2057404 4d2655688e65317c1cce1f7938c415b3
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp1.2_2.2.2-1ubuntu5.1_all.deb
      Size/MD5:    23028 c55d030036cc817eba07f15a31cd2ab9
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-doc_2.2.2-1ubuntu5.1_all.deb
      Size/MD5:   516766 2bddbe64aae9009428e16f40ff0ac92c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.2-1ubuntu5.1_amd64.deb
      Size/MD5:    34686 1491899331d67c323414df5625b378ad
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.2-1ubuntu5.1_amd64.deb
      Size/MD5:   114452 c0d1e1ea2cb6ec1ed06b6327a91e5da6
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.2-1ubuntu5.1_amd64.deb
      Size/MD5:    34686 c3726bb2cf00dc202439253ab8e5f47f
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.2-1ubuntu5.1_amd64.deb
      Size/MD5:  3138104 4cbd06980a263a956eaf2ed8a61fae14
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.2-1ubuntu5.1_amd64.deb
      Size/MD5:    90072 e876c374828beb7951d8d1bb6323ef00
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.2-1ubuntu5.1_amd64.deb
      Size/MD5:   434012 4ef7e7e58e45d192a8877747c432efdf

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.2-1ubuntu5.1_i386.deb
      Size/MD5:    33386 e3249682facaedc43430c2a02f55be4f
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.2-1ubuntu5.1_i386.deb
      Size/MD5:   108648 883b24c54ef4fec71777d601eca58b64
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.2-1ubuntu5.1_i386.deb
      Size/MD5:    33806 ff701d78ebb13b876ea4651a00e06dce
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.2-1ubuntu5.1_i386.deb
      Size/MD5:  2822064 333aba3cca28c59606ef01e688a98fdc
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.2-1ubuntu5.1_i386.deb
      Size/MD5:    90074 13fa37935cb5334bd13406119f326bee
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.2-1ubuntu5.1_i386.deb
      Size/MD5:   404102 a9812964cf7257f5ae9609a95efb6a0f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.2-1ubuntu5.1_powerpc.deb
      Size/MD5:    34918 d46155c0c3ec7e265972c27156255595
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.2-1ubuntu5.1_powerpc.deb
      Size/MD5:   110434 d0c4290c8a30db183db627df47b901ce
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.2-1ubuntu5.1_powerpc.deb
      Size/MD5:    35606 c8f11092c804ba676de10fb0ee0206e5
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.2-1ubuntu5.1_powerpc.deb
      Size/MD5:  3208564 ee4badf2b0ccaebd84dabeb123f5e98a
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.2-1ubuntu5.1_powerpc.deb
      Size/MD5:    90100 073cc2a24d7be2923c1a1750661bbc9e
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.2-1ubuntu5.1_powerpc.deb
      Size/MD5:   428626 65b3e8b890dbcf005442c935a061169d

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.8-2ubuntu6.1.diff.gz
      Size/MD5:    30972 004d46b2721db233a1037378a76ad219
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.8-2ubuntu6.1.dsc
      Size/MD5:     1084 e1f078639ad1201614e0c830fad88f61
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.8.orig.tar.gz
      Size/MD5: 20529098 4d543228967a8d33a8276339c40ffe64

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-data_2.2.8-2ubuntu6.1_all.deb
      Size/MD5:  2079192 d100e3e9b066e18a9fc1358237eecc90
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp1.2_2.2.8-2ubuntu6.1_all.deb
      Size/MD5:    34806 ffd1badac2770f6f7fd2af0382a8d4f0
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-doc_2.2.8-2ubuntu6.1_all.deb
      Size/MD5:   519014 5557d213c447c8719475b63b4f275570

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.8-2ubuntu6.1_amd64.deb
      Size/MD5:    46334 cf5aa30f0a710e0a2a5d3b5d1f31de82
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.8-2ubuntu6.1_amd64.deb
      Size/MD5:   126774 57b5c7fb31d5fd4c7a893a46aa9f59c8
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.8-2ubuntu6.1_amd64.deb
      Size/MD5:    46420 f8540a7d00dc18d5d014c9c5d571a280
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.8-2ubuntu6.1_amd64.deb
      Size/MD5:  3178830 1d4a121e227396c6c67558dd62c3e66e
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.8-2ubuntu6.1_amd64.deb
      Size/MD5:   101984 04238d839cba2fb1f62e12178f27f06f
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.8-2ubuntu6.1_amd64.deb
      Size/MD5:   446672 49cc4af975ae1820ac27431f0dfc382b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.8-2ubuntu6.1_i386.deb
      Size/MD5:    45178 32211947773168a74e8a32a96f1d7977
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.8-2ubuntu6.1_i386.deb
      Size/MD5:   119216 9c8ea7d961f3008894ae311c88c51a4a
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.8-2ubuntu6.1_i386.deb
      Size/MD5:    45512 181b1d11a870434b6143a05f817abba3
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.8-2ubuntu6.1_i386.deb
      Size/MD5:  2805454 3751247190e54a478dd3e4bd09ec1d01
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.8-2ubuntu6.1_i386.deb
      Size/MD5:   101976 01cf59d7bd98979b7f4731a156454c8d
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.8-2ubuntu6.1_i386.deb
      Size/MD5:   403820 e1d8643a2f489f570ec4cbff690de43e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.8-2ubuntu6.1_powerpc.deb
      Size/MD5:    46774 283d55a3942da3e25f91222292256260
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.8-2ubuntu6.1_powerpc.deb
      Size/MD5:   122710 d73fc3e1820c125e18af9bc5f546c489
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.8-2ubuntu6.1_powerpc.deb
      Size/MD5:    47426 9640175231edeb56cefbcd1b2b64942c
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.8-2ubuntu6.1_powerpc.deb
      Size/MD5:  3263286 21ee97ed61ca4cf5814c4c16bfa25390
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.8-2ubuntu6.1_powerpc.deb
      Size/MD5:   102008 6155784e2c64ec20a2e2dedb207b835b
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.8-2ubuntu6.1_powerpc.deb
      Size/MD5:   438484 9ecff496283a2ce8eb1c80ecfe462e39

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.8-2ubuntu6.1_sparc.deb
      Size/MD5:    45234 69d43426f6ad3b9df471a8f6cf17ce7a
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.8-2ubuntu6.1_sparc.deb
      Size/MD5:   120352 1ef0f1997cd115e06c0e70afdc7ae3ec
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.8-2ubuntu6.1_sparc.deb
      Size/MD5:    45708 c8b2309d4456cec39618f02e203ff701
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.8-2ubuntu6.1_sparc.deb
      Size/MD5:  2876458 7bc16fd12c4388293176983a874785f4
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.8-2ubuntu6.1_sparc.deb
      Size/MD5:   101994 a0875688cfcdc478b88a8bd0488435f8
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.8-2ubuntu6.1_sparc.deb
      Size/MD5:   422928 e0ba6fd3923075ee5856dd7bbcb47b01

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.1.diff.gz
      Size/MD5:    33861 004dcc1835345fc1d474f6fa2dbf15ab
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.1.dsc
      Size/MD5:     1266 d353df1f507926d72eedaba11c564932
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11.orig.tar.gz
      Size/MD5: 18549092 c4312189e3a7f869a26874854dc6a1d7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-data_2.2.11-1ubuntu3.1_all.deb
      Size/MD5:  2093412 4cdda893bedc7e4e8cecdfd68b73cc04
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-doc_2.2.11-1ubuntu3.1_all.deb
      Size/MD5:   527466 8edee6915a0ad1a6d45a14ab8ecc847a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-dbg_2.2.11-1ubuntu3.1_amd64.deb
      Size/MD5:  8473344 1a6612ca5386e16e44adc93554c2567e
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.11-1ubuntu3.1_amd64.deb
      Size/MD5:    53096 665807789fecc435294fdda90d58fe35
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.11-1ubuntu3.1_amd64.deb
      Size/MD5:   133490 2cb5b3d370051bad846a5963fbccaf24
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.11-1ubuntu3.1_amd64.deb
      Size/MD5:    53156 148b06d4fc0661241adbf234c4f814fa
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.1_amd64.deb
      Size/MD5:  3147966 763f65666e85c50004284d518ccfc4f5
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.11-1ubuntu3.1_amd64.deb
      Size/MD5:   108734 16ad76637519d42d8afdc780978db281
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.11-1ubuntu3.1_amd64.deb
      Size/MD5:   453440 620657d5342af6e5fb9736b56c49e322

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-dbg_2.2.11-1ubuntu3.1_i386.deb
      Size/MD5:  7197248 997dcf3438d2df3f97515b57069b0a6d
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.11-1ubuntu3.1_i386.deb
      Size/MD5:    51792 37ea6be3a30463338060e70a4de58ec0
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.11-1ubuntu3.1_i386.deb
      Size/MD5:   125872 ce230923c066949ec6314b50a666484c
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.11-1ubuntu3.1_i386.deb
      Size/MD5:    52220 0a094c0178ed7034404a87e391f66f73
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.1_i386.deb
      Size/MD5:  2777714 4faf75153a46135a8d8c7b9d6b10c986
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.11-1ubuntu3.1_i386.deb
      Size/MD5:   108758 b4ed9b42f95fc07aa809fc49e2538ba8
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.11-1ubuntu3.1_i386.deb
      Size/MD5:   410296 0725cc03751a2bbcee0707a0975bc2ed

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-dbg_2.2.11-1ubuntu3.1_powerpc.deb
      Size/MD5:  8506604 46a43967bff3eb77bf8a2018208fc847
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.11-1ubuntu3.1_powerpc.deb
      Size/MD5:    53564 b44a95cf20502d19c8e331c8577c07d8
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.11-1ubuntu3.1_powerpc.deb
      Size/MD5:   129400 986c1e4c82efc7c81a7aa7b72e44d90a
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.11-1ubuntu3.1_powerpc.deb
      Size/MD5:    54222 2efc43f1a03e224bd342514b0d01a799
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.1_powerpc.deb
      Size/MD5:  3229098 e500ce8a902d0837ec4d19f7b511c3ba
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.11-1ubuntu3.1_powerpc.deb
      Size/MD5:   108760 153b87573a51321a5d1ecd5cfc0f0698
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.11-1ubuntu3.1_powerpc.deb
      Size/MD5:   444870 b5bb55e95bb99d6b091a52a06997ddcd

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-dbg_2.2.11-1ubuntu3.1_sparc.deb
      Size/MD5:  7493990 d1a7b839cf5ede21cdb9017d031fd404
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-helpbrowser_2.2.11-1ubuntu3.1_sparc.deb
      Size/MD5:    51956 209e08ed952a02a16acbe32de2cdc760
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp-python_2.2.11-1ubuntu3.1_sparc.deb
      Size/MD5:   127186 36c4e2ec85bce5a19d8dac0573bf0436
    http://security.ubuntu.com/ubuntu/pool/universe/g/gimp/gimp-svg_2.2.11-1ubuntu3.1_sparc.deb
      Size/MD5:    52422 908d3b06661d753ccbc7f445080aeb14
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/gimp_2.2.11-1ubuntu3.1_sparc.deb
      Size/MD5:  2821484 2a90f76cb39506c026577a1ecdad031d
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0-dev_2.2.11-1ubuntu3.1_sparc.deb
      Size/MD5:   108758 07790df1c789e274534c5506e463288f
    http://security.ubuntu.com/ubuntu/pool/main/g/gimp/libgimp2.0_2.2.11-1ubuntu3.1_sparc.deb
      Size/MD5:   428780 86eaed52e36beb83a3eef41f21f810a9

    

- 漏洞信息

27037
GIMP XCF Parsing xcf_load_vector() Function Overflow
Remote / Network Access Denial of Service, Input Manipulation, Other
Loss of Integrity, Loss of Availability
Exploit Unknown Vendor Verified

- 漏洞描述

A remote overflow exists in Gimp. The xcf_load_vector() function fails to handle XCF files with a large 'num_axes' value resulting in a buffer overflow. With a specially crafted XCF file, an attacker can execute remote arbitrary code or cause denial of service resulting in a loss of integrity or availability.

- 时间线

2006-07-06 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.2.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Gimp XCF_load_vector Function Buffer Overflow Vulnerability
Boundary Condition Error 18877
Yes No
2006-07-07 12:00:00 2008-09-10 07:10:00
Henning Makholm discovered this issue.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
Sun Solaris 10_x86
Sun Solaris 10
Sun Java Desktop System (JDS) 2.0
Slackware Linux 10.2
Slackware Linux -current
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
rPath rPath Linux 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop version 4
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
GIMP GIMP 2.3.9
GIMP GIMP 2.2.11
GIMP GIMP 2.2.8
GIMP GIMP 2.2.6
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Avaya Interactive Response 1.3
Avaya Interactive Response 1.2.1
Avaya Interactive Response
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN
GIMP GIMP 2.2.12

- 不受影响的程序版本

GIMP GIMP 2.2.12

- 漏洞讨论

Gimp is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

An attacker may cause malicious code to execute by forcing the application to read raw data from a malicious image file, with the privileges of the user running the GIMP application.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

The vendor has released version 2.2.12 to address this issue.

Please see the referenced vendor advisories for more information.


Sun Solaris 10

Sun Solaris 10_x86

GIMP GIMP 2.2.11

GIMP GIMP 2.2.6

GIMP GIMP 2.2.8

GIMP GIMP 2.3.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站