Your submission was sent successfully! Close

CVE-2013-1913

Published: 4 December 2013

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.

Priority

Medium

Status

Package Release Status
gimp
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (2.6.12-1ubuntu1.3)
quantal
Released (2.8.2-1ubuntu1.2)
raring
Released (2.8.4-1ubuntu1.1)
saucy
Released (2.8.6-1ubuntu1.1)
upstream Needed

Patches:
upstream: https://git.gnome.org/browse/gimp/commit/?id=32ae0f83e5748299641cceaabe3f80f1b3afd03e