Lucene search

K

[email protected]CVE-2007-2949

HistoryJul 04, 2007 - 3:30 p.m.

CVE-2007-2949

2007-07-0415:30:00

CWE-190

[email protected]

web.nvd.nist.gov

33

cve-2007-2949

integer overflow

gimp

psd

remote code execution

nvd

vulnerability

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.519 Medium

EPSS

Percentile

97.5%

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

CPENameOperatorVersion
gimp:gimpgimple2.2.15
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06

References

issues.foresightlinux.org/browse/FL-457

osvdb.org/37804

secunia.com/advisories/25677

secunia.com/advisories/25949

secunia.com/advisories/26044

secunia.com/advisories/26132

secunia.com/advisories/26215

secunia.com/advisories/26384

secunia.com/advisories/26575

secunia.com/advisories/26939

secunia.com/advisories/28114

secunia.com/secunia_research/2007-63/advisory/

security.gentoo.org/glsa/glsa-200707-09.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1

sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1

svn.gnome.org/viewcvs/gimp?view=revision&revision=22798

www.debian.org/security/2007/dsa-1335

www.kb.cert.org/vuls/id/399896

www.mandriva.com/security/advisories?name=MDKSA-2007:170

www.novell.com/linux/security/advisories/2007_15_sr.html

www.redhat.com/support/errata/RHSA-2007-0513.html

www.securityfocus.com/bid/24745

www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191

www.ubuntu.com/usn/usn-480-1

www.vupen.com/english/advisories/2007/2421

www.vupen.com/english/advisories/2007/4241

exchange.xforce.ibmcloud.com/vulnerabilities/35246

issues.rpath.com/browse/RPL-1487

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.519 Medium

EPSS

Percentile

97.5%

Related for CVE-2007-2949

nessus12 debiancve1 openvas16 veracode1 securityvulns1 prion1 ubuntu1 ubuntucve1 cert1 slackware1 osv1 debian1 gentoo1 centos2 oraclelinux1 redhat1