CVE-2009-1570

Published: 13 November 2009

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.

Priority

Medium

Status

Package: gimp (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Ignored (end of life)
hardy      Released (2.4.5-1ubuntu2.1)
intrepid   Released (2.6.1-1ubuntu3.1)
jaunty     Released (2.6.6-0ubuntu1.1)
karmic     Released (2.6.7-1ubuntu1.1)
upstream   Needed

Patches:
upstream: http://git.gnome.org/cgit/gimp/commit/?id=e3afc99b2fa7aeddf0dba4778663160a5bc682d3
upstream: http://git.gnome.org/cgit/gimp/commit/?id=43d57c666346320436a0b668de5525387952784e
upstream: http://git.gnome.org/cgit/gimp/commit/?id=f63ba36dd9cc01ca6da83fa05ddd12419ad8953e
upstream: http://git.gnome.org/cgit/gimp/commit/?id=16e6a37687bb4b9748c5a5d166d90f5d5bd2e9f3
vendor: https://bugzilla.redhat.com/attachment.cgi?id=374812