gimp seems to be affected by CVE-2011-2896:
Upstream patch:
I would fix this bug, if I could figure out how to download the patch as plaintext using the web-interface (so it can be applied by GNU patch). Can anyone enlighten me?
There is a link (patch): http://git.gnome.org/browse/gimp/patch/plug-ins/common/file-gif-load.c?id=376ad788c1a1c31d40f18494889c383f6909ebfc
Assigning to QA, so they can update the GIMP package on Mageia 1 for CVE-2011-2896. The updated package is in updates_testing.
I found what was supposed to be a PoC at
however the core release version of gimp does not crash here, so I'm not sure our version is susceptible. Looks like all we can test is that it installed cleanly, and still works.
Testing complete on i586 for the srpm
I think you are right Dave, I've tried with the one you found and a different one as well and neither caused a crash.
I found 3 GIFs in the end.
After update I get messages like:
GIF: bogus character 0xc8, ignoring.
GIF: bogus character 0xb0, ignoring.
GIF: bogus character 0x61, ignoring.
GIF: bogus character 0xc2, ignoring.
GIF: bogus character 0x80, ignoring.
GIF: bogus character 0x00, ignoring.
GIF: missing EOD in data stream (common occurence)
GIF: missing EOD in data stream (common occurence)
and I'll attach a screenshot of the error being caught by gimp.
Testing complete x86_64
Created attachment 1007
Gimp error message
This update addresses a security issue - CVE-2011-2896
GIF image file format readers in various open source projects are based on the
GIF decoder implementation written by David Koblas. This implementation
contains a bug in the LZW decompressor, causing it to incorrectly handle
compressed streams that contain code words that were not yet added to the
decompression table. LZW decompression has a special case (a KwKwK string)
when code word may match the first free entry in the decompression table. The
implementation used in this GIF reading code allows code words not only
matching, but also exceeding the first free entry.
This problem is identical to a bug found in BSD compress (CVE-2011-2895), but given the unclear relationship between BSD compress and GIF decoder code bases, a separate CVE is used here.
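As an added illustration of the boundary check the advisory describes (this is not GIMP's code and not the upstream patch), here is a minimal LZW decoder over already-unpacked GIF code words: it accepts a code equal to the first free table entry (the KwKwK case) and refuses any code beyond it. It assumes the caller has already unpacked the sub-blocks into a list of integer codes; bit-level unpacking is out of scope.

```python
# Added example (not GIMP's code): a minimal LZW decoder over already-unpacked
# GIF code words, showing the boundary check the advisory describes.
# Assumed input: a list of integer codes; bit-unpacking of sub-blocks is out of scope.

MAX_TABLE = 4096  # GIF LZW tables never exceed 12-bit codes


class LZWError(ValueError):
    """Raised for a code word that is not yet in the decompression table."""


def lzw_decode(codes, min_code_size):
    clear = 1 << min_code_size      # clear-table code
    eod = clear + 1                 # end-of-data code
    table = None                    # no data is legal before the first clear
    prev = None                     # string decoded for the previous code
    out = bytearray()
    for code in codes:
        if code == clear:
            # literals 0..clear-1, then two unused slots for clear and eod
            table = [bytes([i]) for i in range(clear)] + [b"", b""]
            prev = None
            continue
        if code == eod:
            break
        if table is None:
            raise LZWError("data before clear code")
        first_free = len(table)
        if code < first_free:
            entry = table[code]
        elif code == first_free and prev is not None:
            # KwKwK: the one legal reference to the first free entry; its
            # string is the previous string plus its own first byte
            entry = prev + prev[:1]
        else:
            # Koblas-derived readers accepted codes past the first free entry
            # (CVE-2011-2896); a correct decoder treats them as corrupt data
            raise LZWError(f"code {code} beyond first free entry {first_free}")
        out += entry
        if prev is not None and len(table) < MAX_TABLE:
            table.append(prev + entry[:1])
        prev = entry
    return bytes(out)


def rejects(codes, min_code_size):
    """True if the stream is refused by the boundary check (used in tests)."""
    try:
        lzw_decode(codes, min_code_size)
    except LZWError:
        return True
    return False
```

With a minimum code size of 2, the stream `[4, 2, 6, 5]` exercises the KwKwK case and decodes to three bytes, while `[4, 2, 7, 5]` references an entry past the first free slot and is rejected.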
Could sysadmin please push from core/updates_testing to core/updates