Fluid Attacks Database

Description

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	gimp	>=0 <2.8.10-0.1	2.8.10-0.1
debian 14	gimp	>=0 <2.8.10-0.1	2.8.10-0.1
debian 12	gimp	>=0 <2.8.10-0.1	2.8.10-0.1
debian 11	gimp	>=0 <2.8.10-0.1	2.8.10-0.1
rpm rhel5	gimp	<2:2.2.13-3.el5_10	2:2.2.13-3.el5_10
rpm rhel6	gimp	<2:2.6.9-6.el6_5	2:2.6.9-6.el6_5

Aliases

1. CVE-2013-19782. NVD-2013-19783. OSV-DEBIAN-2013-19784. OSV-2013-19785. SECURITY-TRACKER-CVE-2013-1978

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.