CVE-2012-3403

Publication date 25 August 2012

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."

Status

Package Ubuntu Release Status
gimp 12.04 LTS precise
Fixed 2.6.12-1ubuntu1.1
11.10 oneiric
Fixed 2.6.11-2ubuntu4.1
11.04 natty
Fixed 2.6.11-1ubuntu6.3
10.04 LTS lucid
Fixed 2.6.8-2ubuntu1.5
8.04 LTS hardy Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
gimp