Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2426.NASL
HistoryMar 07, 2012 - 12:00 a.m.

Debian DSA-2426-1 : gimp - several vulnerabilities

2012-03-0700:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

Several vulnerabilities have been identified in GIMP, the GNU Image Manipulation Program.

  • CVE-2010-4540 Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the ‘LIGHTING EFFECTS & LIGHT’ plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long ‘Position’ field in a plugin configuration file.

  • CVE-2010-4541 Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the ‘SPHERE DESIGNER’ plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long ‘Number of lights’ field in a plugin configuration file.

  • CVE-2010-4542 Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in the GFIG plugin allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long ‘Foreground’ field in a plugin configuration file.

  • CVE-2010-4543 Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image.

  • CVE-2011-1782 The correction for CVE-2010-4543 was incomplete.

  • CVE-2011-2896 The LZW decompressor in the LZWReadByte function in plug-ins/common/file-gif-load.c does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2426. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(58250);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1782", "CVE-2011-2896");
  script_bugtraq_id(45647, 48277, 49148);
  script_xref(name:"DSA", value:"2426");

  script_name(english:"Debian DSA-2426-1 : gimp - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been identified in GIMP, the GNU Image
Manipulation Program.

  - CVE-2010-4540
    Stack-based buffer overflow in the load_preset_response
    function in plug-ins/lighting/lighting-ui.c in the
    'LIGHTING EFFECTS & LIGHT' plugin allows user-assisted
    remote attackers to cause a denial of service
    (application crash) or possibly execute arbitrary code
    via a long 'Position' field in a plugin configuration
    file.

  - CVE-2010-4541
    Stack-based buffer overflow in the loadit function in
    plug-ins/common/sphere-designer.c in the 'SPHERE
    DESIGNER' plugin allows user-assisted remote attackers
    to cause a denial of service (application crash) or
    possibly execute arbitrary code via a long 'Number of
    lights' field in a plugin configuration file.

  - CVE-2010-4542
    Stack-based buffer overflow in the
    gfig_read_parameter_gimp_rgb function in the GFIG plugin
    allows user-assisted remote attackers to cause a denial
    of service (application crash) or possibly execute
    arbitrary code via a long 'Foreground' field in a plugin
    configuration file.

  - CVE-2010-4543
    Heap-based buffer overflow in the read_channel_data
    function in file-psp.c in the Paint Shop Pro (PSP)
    plugin allows remote attackers to cause a denial of
    service (application crash) or possibly execute
    arbitrary code via a PSP_COMP_RLE (aka RLE compression)
    image file that begins a long run count at the end of
    the image.

  - CVE-2011-1782
    The correction for CVE-2010-4543 was incomplete.

  - CVE-2011-2896
    The LZW decompressor in the LZWReadByte function in
    plug-ins/common/file-gif-load.c does not properly handle
    code words that are absent from the decompression table
    when encountered, which allows remote attackers to
    trigger an infinite loop or a heap-based buffer
    overflow, and possibly execute arbitrary code, via a
    crafted compressed stream."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4540"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4541"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4543"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-1782"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4543"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2896"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/gimp"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2012/dsa-2426"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the gimp packages.

For the stable distribution (squeeze), these problems have been fixed
in version 2.6.10-1+squeeze3."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gimp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"gimp", reference:"2.6.10-1+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"gimp-data", reference:"2.6.10-1+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"gimp-dbg", reference:"2.6.10-1+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libgimp2.0", reference:"2.6.10-1+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libgimp2.0-dev", reference:"2.6.10-1+squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"libgimp2.0-doc", reference:"2.6.10-1+squeeze3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxgimpp-cpe:/a:debian:debian_linux:gimp
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Related

openvas 72
fedora 12
osv 1
debian 2
nessus 56
oraclelinux 6
ubuntu 4
redhat 5
securityvulns 4
centos 3
debiancve 7
prion 6
cve 7
ubuntucve 8
gentoo 1
veracode 5
openvas
openvas
Fedora Update for gimp FEDORA-2011-10782
2011-08-27 00:00:00
Fedora Update for gimp FEDORA-2011-10782
2011-08-27 00:00:00
Debian Security Advisory DSA 2426-1 (gimp)
2012-03-12 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: gimp-2.6.11-21.fc15
2011-08-19 21:59:46
[SECURITY] Fedora 14 Update: gimp-2.6.11-21.fc14
2011-08-23 04:38:04
[SECURITY] Fedora 15 Update: gimp-2.6.11-14.fc15
2011-05-27 20:17:47
osv
osv
gimp - several
2012-03-06 00:00:00
debian
debian
[SECURITY] [DSA 2426-1] gimp security update
2012-03-06 18:46:58
[SECURITY] [DSA 2354-1] cups security update
2011-11-30 17:39:49
nessus
nessus
Fedora 14 : gimp-2.6.11-14.fc14 (2011-7393)
2011-06-07 00:00:00
Fedora 13 : gimp-2.6.11-14.fc13 (2011-7397)
2011-06-09 00:00:00
Mandriva Linux Security Advisory : gimp (MDVSA-2011:103)
2011-05-31 00:00:00
oraclelinux
oraclelinux
gimp security update
2011-06-01 00:00:00
gimp security update
2011-05-31 00:00:00
gimp security update
2011-05-31 00:00:00
ubuntu
ubuntu
GIMP vulnerabilities
2011-04-13 00:00:00
GIMP vulnerability
2011-06-13 00:00:00
GIMP vulnerability
2011-09-22 00:00:00
redhat
redhat
(RHSA-2011:0839) Moderate: gimp security update
2011-05-31 00:00:00
(RHSA-2011:0838) Moderate: gimp security update
2011-05-31 00:00:00
(RHSA-2011:0837) Moderate: gimp security update
2011-05-31 00:00:00
securityvulns
securityvulns
[USN-1109-1] GIMP vulnerabilities
2011-04-14 00:00:00
GIMP multiple security vulnerabilities
2011-04-14 00:00:00
[USN-1214-1] GIMP vulnerability
2011-09-26 00:00:00
centos
centos
gimp security update
2011-05-31 17:02:44
gimp security update
2011-06-01 12:26:39
gimp security update
2012-08-20 16:23:59
debiancve
debiancve
CVE-2011-1782
2011-07-27 02:42:00
CVE-2010-4543
2011-01-07 20:00:00
CVE-2010-4540
2011-01-07 20:00:00
prion
prion
Heap overflow
2011-07-27 02:42:00
Heap overflow
2011-01-07 20:00:00
Stack overflow
2011-01-07 20:00:00
cve
cve
CVE-2011-1782
2011-07-27 02:42:00
CVE-2010-4540
2011-01-07 20:00:00
CVE-2010-4541
2011-01-07 20:00:00
ubuntucve
ubuntucve
CVE-2011-1782
2011-06-08 00:00:00
CVE-2010-4543
2011-01-07 00:00:00
CVE-2010-4540
2011-01-07 00:00:00
gentoo
gentoo
GIMP: Multiple vulnerabilities
2012-09-28 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:56:37
Arbitrary Code Execution
2020-04-10 00:56:37
Arbitrary Code Execution
2020-04-10 00:56:36
JSON
Related for DEBIAN_DSA-2426.NASL
openvas72fedora12osv1debian2nessus56oraclelinux6ubuntu4redhat5securityvulns4centos3debiancve7prion6cve7ubuntucve8gentoo1veracode5