Your submission was sent successfully! Close

CVE-2013-1978

Published: 4 December 2013

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

Priority

Medium

Status

Package Release Status
gimp
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (2.6.12-1ubuntu1.3)
quantal
Released (2.8.2-1ubuntu1.2)
raring
Released (2.8.4-1ubuntu1.1)
saucy
Released (2.8.6-1ubuntu1.1)
upstream Needed

Patches:
upstream: https://git.gnome.org/browse/gimp/commit/?id=23f685931e5f000dd033a45c60c1e60d7f78caf4