Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-4541

Published: 7 January 2011

Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself.

Priority

Low

Status

Package Release Status
gimp
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy
Released (2.4.5-1ubuntu2.3)
karmic
Released (2.6.7-1ubuntu1.2)
lucid
Released (2.6.8-2ubuntu1.2)
maverick
Released (2.6.10-1ubuntu3.2)
upstream Needs triage

Patches:
upstream: http://git.gnome.org/browse/gimp/commit/?id=7fb0300e1cfdb98a3bde54dbc73a0f3eda375162
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu.