Subject: gimp: four buffer overflows
Package: gimp
Version: 2.6.11-1
Severity: important
Tags: security

Here is a PoC for four new buffer overflows in GIMP. Compile it 
with open-cobol.

-- System Information:
Debian Release: squeeze/sid
   APT prefers testing
   APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gimp depends on:
ii  gimp-data               2.6.11-1         Data files for GIMP
ii  libaa1                  1.4p5-38         ascii art library
ii  libatk1.0-0             1.30.0-1         The ATK accessibility toolkit
ii  libbabl-0.0-0           0.0.22-1         Dynamic, any to any, pixel format
ii  libc6                   2.11.2-7         Embedded GNU C Library: Shared lib
ii  libcairo2               1.8.10-6         The Cairo 2D vector graphics libra
ii  libdbus-1-3             1.2.24-4         simple interprocess messaging syst
ii  libdbus-glib-1-2        0.88-2.1         simple interprocess messaging syst
ii  libexif12               0.6.19-1         library to parse EXIF files
ii  libfontconfig1          2.8.0-2.1        generic font configuration library
ii  libfreetype6            2.4.2-2.1        FreeType 2 font engine, shared lib
ii  libgegl-0.0-0           0.0.22-2+b1      Generic Graphics Library
ii  libgimp2.0              2.6.11-1         Libraries for the GNU Image Manipu
ii  libglib2.0-0            2.24.2-1         The GLib library of C routines
ii  libgtk2.0-0             2.20.1-2         The GTK+ graphical user interface
ii  libhal1                 0.5.14-3         Hardware Abstraction Layer - share
ii  libjpeg62               6b1-1            The Independent JPEG Group's JPEG
ii  liblcms1                1.18.dfsg-1.2+b3 Color management library
ii  libmng1                 1.0.10-1+b1      Multiple-image Network Graphics li
ii  libpango1.0-0           1.28.3-1         Layout and rendering of internatio
ii  libpng12-0              1.2.44-1         PNG library - runtime
ii  libpoppler-glib4        0.12.4-1.2       PDF rendering library (GLib-based
ii  librsvg2-2              2.26.3-1         SAX-based renderer library for SVG
ii  libtiff4                3.9.4-5          Tag Image File Format (TIFF) libra
ii  libwebkit-1.0-2         1.2.5-2.1        Web content engine library for Gtk
ii  libwmf0.2-7             0.2.8.4-6.1+b1   Windows metafile conversion librar
ii  libx11-6                2:1.3.3-4        X11 client-side library
ii  libxext6                2:1.1.2-1        X11 miscellaneous extension librar
ii  libxfixes3              1:4.0.5-1        X11 miscellaneous 'fixes' extensio
ii  libxmu6                 2:1.0.5-2        X11 miscellaneous utility library
ii  libxpm4                 1:3.5.8-1        X11 pixmap library
ii  python                  2.6.6-3+squeeze4 interactive high-level object-orie
ii  python-gtk2             2.17.0-4         Python bindings for the GTK+ widge
ii  python-support          1.0.10           automated rebuilding support for P
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

gimp recommends no packages.

Versions of packages gimp suggests:
ii  ghostscript                 8.71~dfsg2-6 The GPL Ghostscript PostScript/PDF
pn  gimp-data-extras            <none>       (no description available)
pn  gimp-help-en | gimp-help    <none>       (no description available)
ii  gvfs-backends               1.6.4-2      userspace virtual filesystem - bac
ii  libasound2                  1.0.23-2.1   shared library for ALSA applicatio

-- no debconf information

-- 
non-customers crew | http://rock-madrid.com/




Attachment: gimp-overflows-poc-in-cobol.cob
Description: Binary data
