In association with heise online

10 July 2007, 09:52

GIMP 2.2.16 fixes security vulnerabilities


The GIMP development team has released version 2.2.16 of the open source image editing package. The new version fixes security-related bugs that allowed attackers to use crafted images to execute arbitrary code on computers running the software.

According to security service provider iDefense, numerous plugins use a value from the image file to calculate the size of a buffer when loading various image formats. However, there is no integer overflow checking, with the result that a heap overflow can occur. The plugins for DICOM, PNM, PSD, PSP, Sun RAS, XBM and XWD images are all affected.
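The bug class described above, shown as an added example that is not GIMP's code: a buffer size computed from file-supplied dimensions without overflow checking, beside a checked version. The function names, the three-factor size formula and the `MAX_IMAGE_BYTES` cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy cap for this example (256 MiB); not a GIMP constant. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern: the product is computed in 32 bits and silently wraps,
   so the result can be far smaller than the pixel data that follows. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked pattern: every multiplication is preceded by a division test.
   Returns 0 and stores the size in *out, or -1 if a field is zero or the
   product would exceed max_bytes (which also rules out wrap-around). */
static int checked_size(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t max_bytes, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > max_bytes / bpp)
        return -1;
    size_t row = (size_t)width * bpp;   /* cannot exceed max_bytes here */
    if (height > max_bytes / row)
        return -1;
    *out = row * height;
    return 0;
}

int main(void)
{
    /* Constructed header values: 65536 * 65537 = 2^32 + 65536. */
    uint32_t w = 65536u, h = 65537u, bpp = 1u;
    size_t n = 0;

    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h, bpp));
    if (checked_size(w, h, bpp, MAX_IMAGE_BYTES, &n) != 0)
        printf("checked: header rejected\n");
    if (checked_size(640, 480, 3, MAX_IMAGE_BYTES, &n) == 0)
        printf("checked: %zu bytes\n", n);
    return 0;
}
```

A loader that allocates the unchecked result and then reads `width * height` pixels writes past the end of the heap buffer; the checked version rejects the header before any allocation takes place.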

Version 2.2.16 fixes these security vulnerabilities. The bug in processing PSD files reported by Secunia last week is also fixed in the new version. GIMP users should update to version 2.2.16 as soon as it becomes available. Linux distributors should be releasing updated packages shortly.
