Lucene search

K

Gentoo FoundationGLSA-201311-05

HistoryNov 10, 2013 - 12:00 a.m.

GIMP: Multiple vulnerabilities

2013-11-1000:00:00

Gentoo Foundation

security.gentoo.org

29

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.759 High

EPSS

Percentile

98.1%

Background

GIMP is the GNU Image Manipulation Program.

Description

Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted KiSS palette, GIF image or XWD file using GIMP, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All GIMP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-gfx/gimp-2.8.2-r1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/gimp< 2.8.2-r1UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.759 High

EPSS

Percentile

98.1%

Related for GLSA-201311-05

openvas34 osv1 fedora4 nessus31 kaspersky2 securityvulns6 debian1 redhat3 centos3 oraclelinux3 ubuntu2 suse4 cve3 ubuntucve3 checkpoint_advisories2 prion3 veracode3 debiancve3