Nortel Response to Sun Alert 201320 - Multiple Security Vulnerabilities Within the GIMP Plugins
Description:

Sun Microsystems has recently issued Sun Alert 201320 - Multiple Security Vulnerabilities Within the GIMP Plugins. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

Sun Alert 201320 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1)

This bulletin addresses the following CVEs:

1) CVE-2005-1046 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1046)
   Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.

2) CVE-2007-2356 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356)
   Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.

3) CVE-2007-2949 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949)
   Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories

Type: Security Advisories
Number: 2008009107, Rev 1
Status: Retired
Date: 2009-03-31