Fluid Attacks Database

Description

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	gimp	>=0 <2.8.10-0.1	2.8.10-0.1
debian 12	gimp	>=0 <2.8.10-0.1	2.8.10-0.1
debian 13	gimp	>=0 <2.8.10-0.1	2.8.10-0.1
debian 14	gimp	>=0 <2.8.10-0.1	2.8.10-0.1
rpm rhel5	gimp	<2:2.2.13-3.el5_10	2:2.2.13-3.el5_10
rpm rhel6	gimp	<2:2.6.9-6.el6_5	2:2.6.9-6.el6_5

Aliases

1. CVE-2013-19132. NVD-2013-19133. OSV-DEBIAN-2013-19134. OSV-2013-19135. SECURITY-TRACKER-CVE-2013-1913

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.