CVE-2013-1978

Published: 4 December 2013

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

Priority

Status

Package	Release	Status
gimp Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (2.6.12-1ubuntu1.3)
	quantal	Released (2.8.2-1ubuntu1.2)
	raring	Released (2.8.4-1ubuntu1.1)
	saucy	Released (2.8.6-1ubuntu1.1)
	upstream	Needed
	Patches: upstream: https://git.gnome.org/browse/gimp/commit/?id=23f685931e5f000dd033a45c60c1e60d7f78caf4

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978
https://ubuntu.com/security/notices/USN-2051-1
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731305
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1978

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›