In association with heise online

04 July 2007, 14:33

Vulnerability in Gimp image processing software

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Secunia has reported a security vulnerability in the widely-used open source image processing software tool Gimp, which may allow a PC to be compromised using crafted images. However, the security service provider expresses itself quite vaguely in their advisory concerning this matter. Currently information suggests that exploits will probably only cause the application to crash.

According to the security advisory, the vulnerability is located in the function seek_to_and_unpack_pixeldata in the file plug-ins/common/psd.c for images in Adobe Photoshop PSD format. When a PSD file with extremely large width or height values is opened, a heap overflow occurs which could allow code to be injected and executed with the privileges of the registered user – unfortunately mostly with administrator privileges under Windows, and under Unix and Mac OS X generally with restricted privileges.

According to Secunia, the current stable Version 2.2.15 for Windows, Unix and Mac OS X and probably previous versions are affected. The vulnerability has already been eliminated in the developer subversion repositories, but a new Gimp version is still not yet available. Users who don't want to compile Gimp themselves should wait until a new version is released before processing PSD files from unknown sources.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit