GIMP seems to be affected by CVE-2011-2896: https://bugzilla.redhat.com/show_bug.cgi?id=727800#c11
Upstream patch: http://git.gnome.org/browse/gimp/commit/plug-ins/common/file-gif-load.c?id=376ad788c1a1c31d40f18494889c383f6909ebfc
I would fix this bug, if I could figure out how to download the patch as plaintext using the web-interface (so it can be applied by GNU patch). Can anyone enlighten me?
There is a link (patch): http://git.gnome.org/browse/gimp/patch/plug-ins/common/file-gif-load.c?id=376ad788c1a1c31d40f18494889c383f6909ebfc
CC: (none) => sander.lepik
Assigning to QA, so they can update the GIMP package on Mageia 1 for CVE-2011-2896 . The updated package is in updates_testing.
Assignee: shlomif => qa-bugs
I found what was supposed to be a PoC at http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=9#c1; however, the core release version of gimp does not crash here, so I'm not sure our version is susceptible. Looks like all we can test is that it installed cleanly and still works. Testing complete on i586 for the srpm gimp-2.6.11-7.mga1.src.rpm
CC: (none) => davidwhodgins
I think you are right Dave, I've tried with the one you found and a different one as well and neither caused a crash.
Testing x86_64 I found 3 GIFs in the end. After update I get messages like:
GIF: bogus character 0xc8, ignoring.
GIF: bogus character 0xb0, ignoring.
GIF: bogus character 0x61, ignoring.
GIF: bogus character 0xc2, ignoring.
GIF: bogus character 0x80, ignoring.
GIF: bogus character 0x00, ignoring.
GIF: missing EOD in data stream (common occurence)
GIF: missing EOD in data stream (common occurence)
I'll attach a screenshot of the error being caught by gimp. Testing complete x86_64
Created attachment 1007 [details] Gimp error message
Update validated

Advisory
---------------------
This update addresses a security issue - CVE-2011-2896

GIF image file format readers in various open source projects are based on the GIF decoder implementation written by David Koblas. This implementation contains a bug in the LZW decompressor, causing it to incorrectly handle compressed streams that contain code words that were not yet added to the decompression table. LZW decompression has a special case (a KwKwK string) when a code word may match the first free entry in the decompression table. The implementation used in this GIF reading code allows code words not only matching, but also exceeding the first free entry. This problem is identical to a bug found in BSD compress (CVE-2011-2895), but given the unclear relationship between BSD compress and GIF decoder code bases, a separate CVE is used here.
---------------------

SRPM: gimp-2.6.11-7.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates. Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
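The table bound the advisory describes, as an added example that is not GIMP's code and not the upstream patch: a minimal GIF-dialect LZW decoder working on an already-unpacked code sequence (the bit-unpacking step is omitted) that accepts a code equal to the first free table entry (the KwKwK case) and rejects any code beyond it, instead of walking uninitialized table entries. The 8-bit code size, the function names and the two sample code sequences are constructed for this example.

```c
/* Added example (not GIMP's code): LZW decoder with the CVE-2011-2896 bound.
 * Codes are assumed to be already unpacked from the GIF bit stream. */
#include <stddef.h>
#include <string.h>

#define MIN_CODE_SIZE 8                     /* assumption: 8-bit pixel data */
#define CLEAR_CODE (1 << MIN_CODE_SIZE)     /* 256 */
#define END_CODE   (CLEAR_CODE + 1)         /* 257 */
#define MAX_TABLE  4096                     /* GIF limits codes to 12 bits */

/* Each table entry is "string of prefix" + one suffix byte. */
typedef struct { int prefix; unsigned char suffix; int len; } entry_t;

static void table_reset(entry_t *t, int *next)
{
    for (int i = 0; i < CLEAR_CODE; i++) {
        t[i].prefix = -1; t[i].suffix = (unsigned char)i; t[i].len = 1;
    }
    *next = END_CODE + 1;   /* first free slot after the clear/end codes */
}

/* Expand the string of an existing code into dst (t[code].len bytes). */
static void expand(const entry_t *t, int code, unsigned char *dst)
{
    for (int i = t[code].len - 1; i >= 0; i--) {
        dst[i] = t[code].suffix;
        code = t[code].prefix;
    }
}

/* Returns the number of bytes written, or -1 for a malformed stream. */
int lzw_decode(const int *codes, size_t ncodes, unsigned char *out, size_t outcap)
{
    entry_t table[MAX_TABLE];
    int next, prev = -1;
    size_t pos = 0;
    table_reset(table, &next);
    for (size_t i = 0; i < ncodes; i++) {
        int code = codes[i];
        if (code == CLEAR_CODE) { table_reset(table, &next); prev = -1; continue; }
        if (code == END_CODE) break;
        /* The check the advisory describes: a code may equal the first free
         * entry (KwKwK case) but must never exceed it. */
        if (code < 0 || code > next || code >= MAX_TABLE) return -1;
        if (prev == -1) {                  /* first code after a clear must already exist */
            if (code >= next || pos >= outcap) return -1;
            out[pos++] = table[code].suffix;
            prev = code;
            continue;
        }
        int len;
        if (code == next) {                /* KwKwK: previous string + its own first byte */
            len = table[prev].len + 1;
            if (pos + (size_t)len > outcap) return -1;
            expand(table, prev, out + pos);
            out[pos + (size_t)len - 1] = out[pos];
        } else {
            len = table[code].len;
            if (pos + (size_t)len > outcap) return -1;
            expand(table, code, out + pos);
        }
        if (next < MAX_TABLE) {            /* new entry: previous string + first byte of this one */
            table[next].prefix = prev;
            table[next].suffix = out[pos];
            table[next].len = table[prev].len + 1;
            next++;
        }
        pos += (size_t)len;
        prev = code;
    }
    return (int)pos;
}

/* Constructed sample streams (not taken from the bug report). */
static const int valid_codes[]     = { 256, 65, 66, 258, 260, 257 }; /* encodes "ABABABA"; 260 is a KwKwK code */
static const int overshoot_codes[] = { 256, 65, 300, 257 };          /* 300 is past the first free slot (258) */

int sample_valid_decodes(void)
{
    unsigned char buf[32];
    int n = lzw_decode(valid_codes, 6, buf, sizeof buf);
    return n == 7 && memcmp(buf, "ABABABA", 7) == 0;
}

int sample_overshoot_rejected(void)
{
    unsigned char buf[32];
    return lzw_decode(overshoot_codes, 4, buf, sizeof buf) == -1;
}
```

The valid stream exercises the legitimate special case: code 260 arrives while 260 is the first free entry, so the decoder builds it from the previous string. The second stream references code 300 at the same point, which the unchecked Koblas-derived decoder would have accepted and resolved through never-initialized table entries; here it is rejected before any table access.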
Update pushed.
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED