Some vulnerabilities have been reported in GIMP, which can be exploited by malicious people to compromise a user's system.

1) An error exists within the parsing of KiSS palette files and can be exploited to cause a heap-based buffer overflow via a specially crafted palette file.

2) An integer overflow error within the "ReadImage()" function (plug-ins/common/file-gif-load.c) when parsing the "height" and "len" properties of an image file can be exploited to cause a heap-based buffer overflow via a specially crafted GIF file.

These vulnerabilities are reported in all 2.8.x and prior versions.

3) An error in the X Window Dump (XWD) plug-in when processing the color masks can be exploited to cause a stack-based buffer overflow via a specially crafted XWD file.

This vulnerability is confirmed in version 2.8.2 running on Windows.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution
Fixed in the GIT repository.
Further details available to Secunia VIM customers

Provided and/or discovered by
1) Murray McAllister, Red Hat
2) Matthias Weckbecker, Suse
3) Andres Gomez via a bug report

Changelog
Further details available to Secunia VIM customers

Original Advisory
Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=839020

Suse:
http://www.openwall.com/lists/oss-security/2012/08/20/8

Andres Gomez:
https://bugzilla.gnome.org/show_bug.cgi?id=687392

Deep Links
Links available to Secunia VIM customers