1. Ubuntu Security Notices
  2. USN-1109-1

USN-1109-1: GIMP vulnerabilities

Publication date

13 April 2011

Overview

GIMP could be made to run programs as your login if it opened a specially crafted file.

Releases

Packages

  • gimp - The GNU Image Manipulation Program

Details

It was discovered that GIMP incorrectly handled malformed data in certain
plugin configuration files. If a user were tricked into opening a specially
crafted plugin configuration file, an attacker could cause GIMP to crash,
or possibly execute arbitrary code with the user's privileges. The default
compiler options for affected releases should reduce the vulnerability to a
denial of service. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

It was discovered that GIMP incorrectly handled malformed PSP image files.
If a user were tricked into opening a specially crafted PSP image file, an
attacker could cause GIMP to crash, or possibly execute arbitrary code with
the user's privileges. (CVE-2010-4543)

It was discovered that GIMP incorrectly handled malformed data in certain
plugin configuration files. If a user were tricked into opening a specially
crafted plugin configuration file, an attacker could cause GIMP to crash,
or possibly execute arbitrary code with the user's privileges. The default
compiler options for affected releases should reduce the vulnerability to a
denial of service. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

It was discovered that GIMP incorrectly handled malformed PSP image files.
If a user were tricked into opening a specially crafted PSP image file, an
attacker could cause GIMP to crash, or possibly execute arbitrary code with
the user's privileges. (CVE-2010-4543)

Update instructions

After a standard system update you need to restart GIMP to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
9.10 karmic gimp –  2.6.7-1ubuntu1.2
8.04 hardy gimp –  2.4.5-1ubuntu2.3
10.10 maverick gimp –  2.6.10-1ubuntu3.2
10.04 lucid gimp –  2.6.8-2ubuntu1.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›