Arbitrary code execution due to integer overflow vulnerabilities in GIMP when handling DICOM, PNM, PSD, PSP, Sun RAS, XBm, and XWD file formats. The vulnerability in the Sun RAS format handling has been known since April, but the other formats are new disclosures.

Description:

iDefense have released an advisory that expands on a previously known issue (Sunnet Alert Advisory #227 - April 07) affecting GIMP and the handling of various image types through external plugins. Previously, it was known that the SunRAS format was vulnerable, but numerous other formats are now known to be vulnerable.

Successful exploitation requires the victim to open a malicious image file in GIMP.

Mitigation:

Update to GIMP version 2.2.16 at the earliest opportunity. Alternatively, move unused (and affected) image handling plugins out of the gimp/2.0/plug-ins directory.

Updates:

http://developer.gimp.org/NEWS-2.2

Source:

http://labs.idefense.com/intelligence/vulnerabilities/

Exploits:

CVE-ID: CVE-2006-4519