GNU · GIMP · CVE-2012-5576
**Name of the Vulnerable Software and Affected Versions**
GIMP version 2.8.2
GIMP version 2.2.13
**Description**
Multiple stack-based buffer overflows in the X Window Dump (XWD) plug-in, specifically in file-xwd.c, can be exploited remotely. A large color mask in an XWD file can cause a denial of service (crash) and possibly allow remote attackers to execute arbitrary code, affecting the confidentiality, integrity, and availability of protected information.
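One way to pre-screen XWD files for the oversized color masks described above, as an added example (not GIMP's code or its patch). It assumes the standard XWD version 7 header (25 big-endian 32-bit fields, with the red, green and blue masks at words 14 to 16) and a hypothetical 256-entry per-channel lookup table; `xwd_check_masks`, `xwd_sample_header` and `MAP_ENTRIES` are names chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XWD_HEADER_BYTES 100u  /* 25 big-endian 32-bit fields */
#define XWD_FILE_VERSION 7u
#define MAP_ENTRIES 256u       /* assumption: per-channel table size in a loader */
enum xwd_verdict { XWD_OK, XWD_TRUNCATED, XWD_BAD_VERSION, XWD_BAD_MASK };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(unsigned char *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (24 - 8 * i));
}

/* Largest value a channel can hold: the mask shifted down to bit 0. */
static uint32_t channel_max(uint32_t mask) {
    while (mask != 0 && (mask & 1u) == 0) mask >>= 1;
    return mask;
}

/* Reject a header whose color masks could index past MAP_ENTRIES. */
enum xwd_verdict xwd_check_masks(const unsigned char *buf, size_t len) {
    if (len < XWD_HEADER_BYTES) return XWD_TRUNCATED;
    if (be32(buf + 4) != XWD_FILE_VERSION) return XWD_BAD_VERSION;
    for (int word = 14; word <= 16; word++)  /* red, green, blue masks */
        if (channel_max(be32(buf + 4 * word)) >= MAP_ENTRIES) return XWD_BAD_MASK;
    return XWD_OK;
}

/* Constructed sample: a minimal header carrying the given masks. */
void xwd_sample_header(unsigned char *buf, uint32_t r, uint32_t g, uint32_t b) {
    memset(buf, 0, XWD_HEADER_BYTES);
    put_be32(buf, XWD_HEADER_BYTES);
    put_be32(buf + 4, XWD_FILE_VERSION);
    put_be32(buf + 56, r); put_be32(buf + 60, g); put_be32(buf + 64, b);
}

int main(void) {
    unsigned char hdr[XWD_HEADER_BYTES];
    xwd_sample_header(hdr, 0xFF0000u, 0x00FF00u, 0x0000FFu);
    printf("8-bit masks -> %d\n", (int)xwd_check_masks(hdr, sizeof hdr));
    xwd_sample_header(hdr, 0xFFFF0000u, 0x00FF00u, 0x0000FFu);
    printf("oversized red mask -> %d\n", (int)xwd_check_masks(hdr, sizeof hdr));
    return 0;
}
```

The check is deliberately strict: it also rejects legitimate files with more than 8 bits per channel, which is the safe outcome when the loader's table size is unknown.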
**Recommendations**
For GIMP version 2.8.2, consider disabling the XWD plug-in until a patch is available.
For GIMP version 2.2.13, restrict access to the XWD file handling functionality to minimize the risk of exploitation.
As a temporary workaround, avoid using the XWD plug-in in GIMP until the issue is resolved.