Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200707-09
HistoryJul 25, 2007 - 12:00 a.m.

GIMP: Multiple integer overflows

2007-07-2500:00:00
Gentoo Foundation
security.gentoo.org
6

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.519 Medium

EPSS

Percentile

97.5%

JSON

Background

GIMP is the GNU Image Manipulation Program.

Description

Sean Larsson from iDefense Labs discovered multiple integer overflows in various GIMP plugins (CVE-2006-4519). Stefan Cornelius from Secunia Research discovered an integer overflow in the seek_to_and_unpack_pixeldata() function when processing PSD files (CVE-2007-2949).

Impact

A remote attacker could entice a user to open a specially crafted image file, possibly resulting in the execution of arbitrary code with the privileges of the user running GIMP.

Workaround

There is no known workaround at this time.

Resolution

All GIMP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.2.16"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-gfx/gimp< 2.2.16UNKNOWN

Related

nessus 14
openvas 21
osv 1
debian 1
centos 2
redhat 1
oraclelinux 1
securityvulns 3
ubuntucve 2
veracode 2
ubuntu 2
cve 2
debiancve 2
cert 1
slackware 1
prion 1
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 : gimp vulnerability (USN-494-1)
2007-11-10 00:00:00
Debian DSA-1335-1 : gimp - several vulnerabilities
2007-07-23 00:00:00
GLSA-200707-09 : GIMP: Multiple integer overflows
2007-07-27 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200707-09 (gimp)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-1335-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200707-09 (gimp)
2008-09-24 00:00:00
osv
osv
gimp
2007-07-18 00:00:00
debian
debian
[SECURITY] [DSA 1335-1] New gimp packages fix arbitrary code execution
2007-07-18 21:47:38
centos
centos
gimp security update
2007-09-26 09:22:41
gimp security update
2007-10-04 00:25:56
redhat
redhat
(RHSA-2007:0513) Moderate: gimp security update
2007-09-26 00:00:00
oraclelinux
oraclelinux
Moderate: gimp security update
2007-09-26 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 07.09.07: Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities
2007-07-10 00:00:00
GIMP GNU image manipulation program multiple security vulnerabilities
2007-07-10 00:00:00
GIMP GNU image manipulation program buffer overflow
2007-07-05 00:00:00
ubuntucve
ubuntucve
CVE-2006-4519
2007-07-10 00:00:00
CVE-2007-2949
2007-07-04 00:00:00
veracode
veracode
Integer Overflow
2020-04-10 00:16:06
Integer Overflow
2020-04-10 00:16:06
ubuntu
ubuntu
Gimp vulnerability
2007-08-02 00:00:00
Gimp vulnerability
2007-07-04 00:00:00
cve
cve
CVE-2006-4519
2007-07-10 18:30:00
CVE-2007-2949
2007-07-04 15:30:00
debiancve
debiancve
CVE-2006-4519
2007-07-10 18:30:00
CVE-2007-2949
2007-07-04 15:30:00
cert
cert
GIMP integer overflow vulnerability
2007-08-15 00:00:00
slackware
slackware
[slackware-security] gimp
2007-08-11 05:54:29
prion
prion
Integer overflow
2007-07-04 15:30:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.519 Medium

EPSS

Percentile

97.5%

JSON
Related for GLSA-200707-09
nessus14openvas21osv1debian1centos2redhat1oraclelinux1securityvulns3ubuntucve2veracode2ubuntu2cve2debiancve2cert1slackware1prion1