Search...

openSUSE Security Update : gimp (openSUSE-SU-2011:0586-1)

2014-06-13T00:00:00

ID SUSE_11_3_GIMP-110531.NASL
Type nessus
Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2014-06-13T00:00:00

Description

This update fixes various overflows :

CVE-2011-1178: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2011-1782: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update gimp-4637.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75514);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-1178", "CVE-2011-1782");

  script_name(english:"openSUSE Security Update : gimp (openSUSE-SU-2011:0586-1)");
  script_summary(english:"Check for the gimp-4637 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes various overflows :

  + CVE-2011-1178: CVSS v2 Base Score: 6.8
    (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  + CVE-2011-1782: CVSS v2 Base Score: 6.8
    (AV:N/AC:M/Au:N/C:P/I:P/A:P)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=692877"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-06/msg00001.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-branding-upstream");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-help-browser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-module-hal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-plugins-python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"gimp-2.6.8-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"gimp-branding-upstream-2.6.8-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"gimp-devel-2.6.8-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"gimp-help-browser-2.6.8-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"gimp-lang-2.6.8-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"gimp-module-hal-2.6.8-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"gimp-plugins-python-2.6.8-7.5.1") ) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
}

JSON Vulners Source

Initial Source

{"id": "SUSE_11_3_GIMP-110531.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : gimp (openSUSE-SU-2011:0586-1)", "description": "This update fixes various overflows :\n\n + CVE-2011-1178: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n + CVE-2011-1782: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P)", "published": "2014-06-13T00:00:00", "modified": "2014-06-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/75514", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.opensuse.org/opensuse-updates/2011-06/msg00001.html", "https://bugzilla.novell.com/show_bug.cgi?id=692877"], "cvelist": ["CVE-2011-1178", "CVE-2011-1782"], "type": "nessus", "lastseen": "2021-01-17T14:07:15", "edition": 24, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-1178", "CVE-2011-1782"]}, {"type": "nessus", "idList": ["SUSE_11_4_GIMP-110531.NASL", "SL_20110531_GIMP_ON_SL4_X.NASL", "SUSE_GIMP-7543.NASL", "MANDRIVA_MDVSA-2011-110.NASL", "CENTOS_RHSA-2011-0837.NASL", "ORACLELINUX_ELSA-2011-0837.NASL", "REDHAT-RHSA-2011-0837.NASL", "FEDORA_2011-7397.NASL", "SUSE_11_GIMP-110531.NASL", "UBUNTU_USN-1147-1.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11589"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870437", "OPENVAS:881260", "OPENVAS:1361412562310880489", "OPENVAS:831419", "OPENVAS:840681", "OPENVAS:870437", "OPENVAS:880489", "OPENVAS:1361412562310831419", "OPENVAS:1361412562310881260", "OPENVAS:1361412562310840681"]}, {"type": "ubuntu", "idList": ["USN-1147-1"]}, {"type": "centos", "idList": ["CESA-2011:0837", "CESA-2011:0838"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0838", "ELSA-2011-0837"]}, {"type": "redhat", "idList": ["RHSA-2011:0837", "RHSA-2011:0838"]}, {"type": "fedora", "idList": ["FEDORA:34451110A59", "FEDORA:A661B11061A", "FEDORA:9806210F8E5", "FEDORA:D15B610F8A9", "FEDORA:37B4711095E"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2426-1:E60DB"]}, {"type": "gentoo", "idList": ["GLSA-201209-23"]}], "modified": "2021-01-17T14:07:15", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-01-17T14:07:15", "rev": 2}, "vulnersScore": 6.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gimp-4637.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75514);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1178\", \"CVE-2011-1782\");\n\n script_name(english:\"openSUSE Security Update : gimp (openSUSE-SU-2011:0586-1)\");\n script_summary(english:\"Check for the gimp-4637 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes various overflows :\n\n + CVE-2011-1178: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n + CVE-2011-1782: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-06/msg00001.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-help-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-module-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-plugins-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gimp-2.6.8-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gimp-branding-upstream-2.6.8-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gimp-devel-2.6.8-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gimp-help-browser-2.6.8-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gimp-lang-2.6.8-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gimp-module-hal-2.6.8-7.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gimp-plugins-python-2.6.8-7.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "75514", "cpe": ["p-cpe:/a:novell:opensuse:gimp-lang", "p-cpe:/a:novell:opensuse:gimp-plugins-python", "p-cpe:/a:novell:opensuse:gimp-module-hal", "p-cpe:/a:novell:opensuse:gimp", "p-cpe:/a:novell:opensuse:gimp-devel", "p-cpe:/a:novell:opensuse:gimp-help-browser", "p-cpe:/a:novell:opensuse:gimp-branding-upstream", "cpe:/o:novell:opensuse:11.3"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:39:27", "description": "Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4543.", "edition": 3, "cvss3": {}, "published": "2011-07-27T02:42:00", "title": "CVE-2011-1782", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1782"], "modified": "2018-07-21T01:29:00", "cpe": ["cpe:/a:gimp:gimp:2.6.11"], "id": "CVE-2011-1782", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1782", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:39:05", "description": "Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.", "edition": 5, "cvss3": {}, "published": "2011-06-06T19:55:00", "title": "CVE-2011-1178", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1178"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:gimp:gimp:2.6.11", "cpe:/a:gnu:gimp:2.2.12", "cpe:/a:gnu:gimp:2.2.15", "cpe:/a:gnu:gimp:2.6.3", "cpe:/a:gnu:gimp:2.0.1", "cpe:/a:gnu:gimp:2.4.4", "cpe:/a:gnu:gimp:2.2.14", "cpe:/a:gnu:gimp:2.0.4", "cpe:/a:gnu:gimp:2.2.13", "cpe:/a:gnu:gimp:2.6.4", "cpe:/a:gnu:gimp:2.2.17", "cpe:/a:gnu:gimp:2.2.6", "cpe:/a:gnu:gimp:2.6.1", "cpe:/a:gnu:gimp:2.2.11", "cpe:/a:gnu:gimp:2.0.0", "cpe:/a:gnu:gimp:2.4.0", "cpe:/a:gnu:gimp:2.6.7", "cpe:/a:gnu:gimp:2.6.0", "cpe:/a:gnu:gimp:2.6.6", "cpe:/a:gnu:gimp:2.2.7", "cpe:/a:gnu:gimp:2.4.6", "cpe:/a:gnu:gimp:2.2.3", "cpe:/a:gnu:gimp:2.4.7", "cpe:/a:gnu:gimp:2.2.4", "cpe:/a:gnu:gimp:2.0.3", "cpe:/a:gnu:gimp:2.4.2", "cpe:/a:gnu:gimp:2.2.0", "cpe:/a:gnu:gimp:1.0.4", "cpe:/a:gnu:gimp:2.2.9", "cpe:/a:gnu:gimp:2.4.3", "cpe:/a:gimp:gimp:2.6.8", "cpe:/a:gnu:gimp:2.2.10", "cpe:/a:gnu:gimp:2.2.16", "cpe:/a:gnu:gimp:1.2.5", "cpe:/a:gnu:gimp:2.2.5", "cpe:/a:gnu:gimp:2.0.5", "cpe:/a:gnu:gimp:2.0.2", "cpe:/a:gnu:gimp:2.6.9", "cpe:/a:gnu:gimp:2.2.2", "cpe:/a:gnu:gimp:2.6.2", "cpe:/a:gnu:gimp:2.4.5", "cpe:/a:gnu:gimp:2.4.1", "cpe:/a:gnu:gimp:2.0.6", "cpe:/a:gnu:gimp:2.6.10", "cpe:/a:gnu:gimp:2.6.5", "cpe:/a:gnu:gimp:2.2.8", "cpe:/a:gnu:gimp:2.2.1"], "id": "CVE-2011-1178", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1178", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:gimp:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gimp:gimp:2.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:gimp:gimp:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.17:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gimp:2.2.14:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-17T14:08:39", "description": "This update fixes various overflows :\n\n + CVE-2011-1178: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n + CVE-2011-1782: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P)", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : gimp (openSUSE-SU-2011:0586-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1178", "CVE-2011-1782"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:gimp-lang", "p-cpe:/a:novell:opensuse:libgimpui-2_0-0-32bit", "p-cpe:/a:novell:opensuse:gimp-help-browser-debuginfo", "p-cpe:/a:novell:opensuse:gimp-module-hal-debuginfo", "p-cpe:/a:novell:opensuse:libgimp-2_0-0-32bit", "p-cpe:/a:novell:opensuse:gimp-debuginfo", "p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo", "p-cpe:/a:novell:opensuse:gimp-debugsource", "p-cpe:/a:novell:opensuse:gimp-plugins-python", "p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gimp-module-hal", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:gimp", "p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gimp-devel", "p-cpe:/a:novell:opensuse:gimp-help-browser", "p-cpe:/a:novell:opensuse:gimp-branding-upstream", "p-cpe:/a:novell:opensuse:libgimpui-2_0-0", "p-cpe:/a:novell:opensuse:libgimp-2_0-0", "p-cpe:/a:novell:opensuse:gimp-plugins-python-debuginfo", "p-cpe:/a:novell:opensuse:gimp-devel-debuginfo"], "id": "SUSE_11_4_GIMP-110531.NASL", "href": "https://www.tenable.com/plugins/nessus/75849", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gimp-4637.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75849);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1178\", \"CVE-2011-1782\");\n\n script_name(english:\"openSUSE Security Update : gimp (openSUSE-SU-2011:0586-1)\");\n script_summary(english:\"Check for the gimp-4637 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes various overflows :\n\n + CVE-2011-1178: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n + CVE-2011-1782: CVSS v2 Base Score: 6.8\n (AV:N/AC:M/Au:N/C:P/I:P/A:P)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-06/msg00001.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-help-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-help-browser-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-module-hal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-module-hal-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-plugins-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-plugins-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgimp-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgimp-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgimpui-2_0-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-branding-upstream-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-debuginfo-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-debugsource-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-devel-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-devel-debuginfo-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-help-browser-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-help-browser-debuginfo-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-lang-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-module-hal-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-module-hal-debuginfo-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-plugins-python-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gimp-plugins-python-debuginfo-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgimp-2_0-0-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgimp-2_0-0-debuginfo-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgimpui-2_0-0-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libgimpui-2_0-0-debuginfo-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libgimp-2_0-0-32bit-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libgimp-2_0-0-debuginfo-32bit-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libgimpui-2_0-0-32bit-2.6.11-13.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libgimpui-2_0-0-debuginfo-32bit-2.6.11-13.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:14:50", "description": "A number of heap-based buffer overflows have been found in The Gimp\naffecting the PCX (CVE-2011-1178), SGI, GBR and PAT (CVE-2011-1782)\nplugins. The update fixes these security issues.", "edition": 23, "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : gimp (ZYPP Patch Number 7543)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1178", "CVE-2011-1782"], "modified": "2011-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GIMP-7543.NASL", "href": "https://www.tenable.com/plugins/nessus/57199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57199);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1178\", \"CVE-2011-1782\");\n\n script_name(english:\"SuSE 10 Security Update : gimp (ZYPP Patch Number 7543)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of heap-based buffer overflows have been found in The Gimp\naffecting the PCX (CVE-2011-1178), SGI, GBR and PAT (CVE-2011-1782)\nplugins. The update fixes these security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1782.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7543.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"gimp-2.2.10-22.38.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"gimp-devel-2.2.10-22.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:38:40", "description": "A number of heap-based buffer overflows have been found in The Gimp\naffecting the PCX (CVE-2011-1178), SGI, GBR and PAT (CVE-2011-1782)\nplugins. The update fixes these security issues.", "edition": 23, "published": "2011-06-07T00:00:00", "title": "SuSE 11.1 Security Update : gimp (SAT Patch Number 4631)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1178", "CVE-2011-1782"], "modified": "2011-06-07T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:gimp-lang", "p-cpe:/a:novell:suse_linux:11:gimp-plugins-python", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:gimp"], "id": "SUSE_11_GIMP-110531.NASL", "href": "https://www.tenable.com/plugins/nessus/54985", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54985);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1178\", \"CVE-2011-1782\");\n\n script_name(english:\"SuSE 11.1 Security Update : gimp (SAT Patch Number 4631)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A number of heap-based buffer overflows have been found in The Gimp\naffecting the PCX (CVE-2011-1178), SGI, GBR and PAT (CVE-2011-1782)\nplugins. The update fixes these security issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1782.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4631.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gimp-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gimp-plugins-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"gimp-2.6.2-3.34.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"gimp-lang-2.6.2-3.34.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"gimp-plugins-python-2.6.2-3.34.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gimp-2.6.2-3.34.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gimp-lang-2.6.2-3.34.31.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gimp-plugins-python-2.6.2-3.34.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:53:20", "description": "A vulnerability was discovered and corrected in gimp :\n\nMultiple integer overflows in the load_image function in file-pcx.c in\nthe Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier\nallow remote attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via a crafted PCX image that\ntriggers a heap-based buffer overflow (CVE-2011-1178).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2011-06-20T00:00:00", "title": "Mandriva Linux Security Advisory : gimp (MDVSA-2011:110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1178"], "modified": "2011-06-20T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gimp-python", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:lib64gimp2.0_0", "p-cpe:/a:mandriva:linux:gimp", "p-cpe:/a:mandriva:linux:libgimp2.0-devel", "p-cpe:/a:mandriva:linux:libgimp2.0_0", "p-cpe:/a:mandriva:linux:lib64gimp2.0-devel"], "id": "MANDRIVA_MDVSA-2011-110.NASL", "href": "https://www.tenable.com/plugins/nessus/55171", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:110. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55171);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1178\");\n script_bugtraq_id(48057);\n script_xref(name:\"MDVSA\", value:\"2011:110\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gimp (MDVSA-2011:110)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in gimp :\n\nMultiple integer overflows in the load_image function in file-pcx.c in\nthe Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier\nallow remote attackers to cause a denial of service (application\ncrash) or possibly execute arbitrary code via a crafted PCX image that\ntriggers a heap-based buffer overflow (CVE-2011-1178).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149 products_id=490\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gimp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gimp2.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gimp2.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgimp2.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgimp2.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gimp-2.4.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gimp-python-2.4.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64gimp2.0-devel-2.4.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64gimp2.0_0-2.4.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libgimp2.0-devel-2.4.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libgimp2.0_0-2.4.7-1.3mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:35:05", "description": "Nils Philippsen discovered that GIMP incorrectly handled malformed PSP\nimage files. If a user were tricked into opening a specially crafted\nPSP image file, an attacker could cause GIMP to crash, or possibly\nexecute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-06-14T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : gimp vulnerability (USN-1147-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1782"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gimp", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1147-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55113", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1147-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55113);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1782\");\n script_bugtraq_id(48277);\n script_xref(name:\"USN\", value:\"1147-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : gimp vulnerability (USN-1147-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Nils Philippsen discovered that GIMP incorrectly handled malformed PSP\nimage files. If a user were tricked into opening a specially crafted\nPSP image file, an attacker could cause GIMP to crash, or possibly\nexecute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1147-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"gimp\", pkgver:\"2.6.8-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"gimp\", pkgver:\"2.6.10-1ubuntu3.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"gimp\", pkgver:\"2.6.11-1ubuntu6.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:27:01", "description": "Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.", "edition": 27, "published": "2011-06-02T00:00:00", "title": "CentOS 4 : gimp (CESA-2011:0837)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2011-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:gimp", "p-cpe:/a:centos:centos:gimp-devel"], "id": "CENTOS_RHSA-2011-0837.NASL", "href": "https://www.tenable.com/plugins/nessus/54936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0837 and \n# CentOS Errata and Security Advisory 2011:0837 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54936);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_bugtraq_id(37006, 45647);\n script_xref(name:\"RHSA\", value:\"2011:0837\");\n\n script_name(english:\"CentOS 4 : gimp (CESA-2011:0837)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-June/017603.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e79990a6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-June/017604.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3613c703\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:09:16", "description": "Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.", "edition": 28, "published": "2011-06-01T00:00:00", "title": "RHEL 4 : gimp (RHSA-2011:0837)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2011-06-01T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:gimp", "p-cpe:/a:redhat:enterprise_linux:gimp-devel", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2011-0837.NASL", "href": "https://www.tenable.com/plugins/nessus/54926", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0837. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54926);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_bugtraq_id(37006, 45647);\n script_xref(name:\"RHSA\", value:\"2011:0837\");\n\n script_name(english:\"RHEL 4 : gimp (RHSA-2011:0837)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0837\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gimp and / or gimp-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0837\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:45:42", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : gimp on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110531_GIMP_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61056);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n\n script_name(english:\"Scientific Linux Security Update : gimp on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=903\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d679b61\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gimp, gimp-debuginfo and / or gimp-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gimp-debuginfo-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:45:58", "description": "From Red Hat Security Advisory 2011:0837 :\n\nUpdated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : gimp (ELSA-2011-0837)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gimp", "p-cpe:/a:oracle:linux:gimp-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2011-0837.NASL", "href": "https://www.tenable.com/plugins/nessus/68278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0837 and \n# Oracle Linux Security Advisory ELSA-2011-0837 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68278);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_bugtraq_id(37006, 45647);\n script_xref(name:\"RHSA\", value:\"2011:0837\");\n\n script_name(english:\"Oracle Linux 4 : gimp (ELSA-2011-0837)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0837 :\n\nUpdated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002151.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:40", "description": "This update fixes buffer overflows in the PSP (CVE-2010-4543,\nCVE-2011-1782), sphere-designer (CVE-2010-4541), gfig (CVE-2010-4542)\nand lighting (CVE-2010-4540) plugins.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-06-09T00:00:00", "title": "Fedora 13 : gimp-2.6.11-14.fc13 (2011-7397)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1782", "CVE-2010-4540", "CVE-2010-4543"], "modified": "2011-06-09T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:gimp"], "id": "FEDORA_2011-7397.NASL", "href": "https://www.tenable.com/plugins/nessus/55003", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-7397.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55003);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1782\");\n script_bugtraq_id(45647);\n script_xref(name:\"FEDORA\", value:\"2011-7397\");\n\n script_name(english:\"Fedora 13 : gimp-2.6.11-14.fc13 (2011-7397)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes buffer overflows in the PSP (CVE-2010-4543,\nCVE-2011-1782), sphere-designer (CVE-2010-4541), gfig (CVE-2010-4542)\nand lighting (CVE-2010-4540) plugins.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=706939\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061284.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a6759b2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"gimp-2.6.11-14.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:41", "bulletinFamily": "software", "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2011-1782", "CVE-2010-4540", "CVE-2010-4543"], "description": "Memory corruption on different data formats parsing.", "edition": 1, "modified": "2011-04-14T00:00:00", "published": "2011-04-14T00:00:00", "id": "SECURITYVULNS:VULN:11589", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11589", "title": "GIMP multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:55:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1178"], "description": "Check for the Version of gimp", "modified": "2017-07-06T00:00:00", "published": "2011-06-24T00:00:00", "id": "OPENVAS:831419", "href": "http://plugins.openvas.org/nasl.php?oid=831419", "type": "openvas", "title": "Mandriva Update for gimp MDVSA-2011:110 (gimp)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gimp MDVSA-2011:110 (gimp)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in gimp:\n\n Multiple integer overflows in the load_image function in file-pcx.c in\n the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier\n allow remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted PCX image\n that triggers a heap-based buffer overflow (CVE-2011-1178).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\n \n The updated packages have been patched to correct this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gimp on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2011-06/msg00006.php\");\n script_id(831419);\n script_version(\"$Revision: 6570 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:06:35 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-24 16:46:35 +0200 (Fri, 24 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2011:110\");\n script_cve_id(\"CVE-2011-1178\");\n script_name(\"Mandriva Update for gimp MDVSA-2011:110 (gimp)\");\n\n script_summary(\"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1178"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-06-24T00:00:00", "id": "OPENVAS:1361412562310831419", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831419", "type": "openvas", "title": "Mandriva Update for gimp MDVSA-2011:110 (gimp)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gimp MDVSA-2011:110 (gimp)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-06/msg00006.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831419\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-24 16:46:35 +0200 (Fri, 24 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:110\");\n script_cve_id(\"CVE-2011-1178\");\n script_name(\"Mandriva Update for gimp MDVSA-2011:110 (gimp)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2009\\.0)\");\n script_tag(name:\"affected\", value:\"gimp on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability was discovered and corrected in gimp:\n\n Multiple integer overflows in the load_image function in file-pcx.c in\n the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier\n allow remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted PCX image\n that triggers a heap-based buffer overflow (CVE-2011-1178).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The updated packages have been patched to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.7~1.3mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.7~1.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1782"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1147-1", "modified": "2019-03-13T00:00:00", "published": "2011-06-20T00:00:00", "id": "OPENVAS:1361412562310840681", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840681", "type": "openvas", "title": "Ubuntu Update for gimp USN-1147-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1147_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for gimp USN-1147-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1147-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840681\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1147-1\");\n script_cve_id(\"CVE-2011-1782\");\n script_name(\"Ubuntu Update for gimp USN-1147-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1147-1\");\n script_tag(name:\"affected\", value:\"gimp on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Nils Philippsen discovered that GIMP incorrectly handled malformed PSP\n image files. If a user were tricked into opening a specially crafted PSP\n image file, an attacker could cause GIMP to crash, or possibly execute\n arbitrary code with the user's privileges.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.10-1ubuntu3.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.8-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.11-1ubuntu6.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:26:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1782"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1147-1", "modified": "2017-12-01T00:00:00", "published": "2011-06-20T00:00:00", "id": "OPENVAS:840681", "href": "http://plugins.openvas.org/nasl.php?oid=840681", "type": "openvas", "title": "Ubuntu Update for gimp USN-1147-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1147_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for gimp USN-1147-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Nils Philippsen discovered that GIMP incorrectly handled malformed PSP\n image files. If a user were tricked into opening a specially crafted PSP\n image file, an attacker could cause GIMP to crash, or possibly execute\n arbitrary code with the user's privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1147-1\";\ntag_affected = \"gimp on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1147-1/\");\n script_id(840681);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-20 08:37:08 +0200 (Mon, 20 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1147-1\");\n script_cve_id(\"CVE-2011-1782\");\n script_name(\"Ubuntu Update for gimp USN-1147-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.10-1ubuntu3.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.8-2ubuntu1.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.11-1ubuntu6.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2011-06-06T00:00:00", "id": "OPENVAS:1361412562310870437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870437", "type": "openvas", "title": "RedHat Update for gimp RHSA-2011:0837-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gimp RHSA-2011:0837-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00028.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870437\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0837-01\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"RedHat Update for gimp RHSA-2011:0837-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"gimp on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n\n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n\n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-debuginfo\", rpm:\"gimp-debuginfo~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:57:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "description": "Check for the Version of gimp", "modified": "2018-01-01T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881260", "href": "http://plugins.openvas.org/nasl.php?oid=881260", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0837 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0837 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n \n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n \n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n \n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\n\ntag_affected = \"gimp on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017604.html\");\n script_id(881260);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:17 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0837\");\n script_name(\"CentOS Update for gimp CESA-2011:0837 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-06-06T00:00:00", "id": "OPENVAS:1361412562310880489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880489", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0837 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0837 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-June/017603.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880489\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0837\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"CentOS Update for gimp CESA-2011:0837 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"gimp on CentOS 4\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n\n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n\n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881260", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0837 centos4 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0837 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-June/017604.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881260\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:17 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0837\");\n script_name(\"CentOS Update for gimp CESA-2011:0837 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"gimp on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n\n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n\n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:55:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "description": "Check for the Version of gimp", "modified": "2017-07-12T00:00:00", "published": "2011-06-06T00:00:00", "id": "OPENVAS:870437", "href": "http://plugins.openvas.org/nasl.php?oid=870437", "type": "openvas", "title": "RedHat Update for gimp RHSA-2011:0837-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gimp RHSA-2011:0837-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n \n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n \n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n \n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\n\ntag_affected = \"gimp on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00028.html\");\n script_id(870437);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0837-01\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"RedHat Update for gimp RHSA-2011:0837-01\");\n\n script_summary(\"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-debuginfo\", rpm:\"gimp-debuginfo~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "description": "Check for the Version of gimp", "modified": "2017-07-10T00:00:00", "published": "2011-06-06T00:00:00", "id": "OPENVAS:880489", "href": "http://plugins.openvas.org/nasl.php?oid=880489", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0837 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0837 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n \n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n \n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n \n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gimp on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017603.html\");\n script_id(880489);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0837\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"CentOS Update for gimp CESA-2011:0837 centos4 i386\");\n\n script_summary(\"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:41:26", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1782"], "description": "Nils Philippsen discovered that GIMP incorrectly handled malformed PSP \nimage files. If a user were tricked into opening a specially crafted PSP \nimage file, an attacker could cause GIMP to crash, or possibly execute \narbitrary code with the user's privileges.", "edition": 5, "modified": "2011-06-13T00:00:00", "published": "2011-06-13T00:00:00", "id": "USN-1147-1", "href": "https://ubuntu.com/security/notices/USN-1147-1", "title": "GIMP vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:57", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0837\n\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\neXchange (PCX) image file plug-ins. An attacker could create a\nspecially-crafted BMP or PCX image file that, when opened, could cause the\nrelevant plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n(PSP) image file plug-in. An attacker could create a specially-crafted PSP\nimage file that, when opened, could cause the PSP plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\nimage filter. An attacker could create a specially-crafted Sphere Designer\nfilter configuration file that, when opened, could cause the Sphere\nDesigner plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-June/029641.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-June/029642.html\n\n**Affected packages:**\ngimp\ngimp-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0837.html", "edition": 3, "modified": "2011-06-01T12:27:19", "published": "2011-06-01T12:26:39", "href": "http://lists.centos.org/pipermail/centos-announce/2011-June/029641.html", "id": "CESA-2011:0837", "title": "gimp security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:24:41", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "description": "**CentOS Errata and Security Advisory** CESA-2011:0838\n\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\neXchange (PCX) image file plug-ins. An attacker could create a\nspecially-crafted BMP or PCX image file that, when opened, could cause the\nrelevant plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n(PSP) image file plug-in. An attacker could create a specially-crafted PSP\nimage file that, when opened, could cause the PSP plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning,\nSphere Designer, and Gfig image filters. An attacker could create a\nspecially-crafted Lightning, Sphere Designer, or Gfig filter configuration\nfile that, when opened, could cause the relevant plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029635.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029636.html\n\n**Affected packages:**\ngimp\ngimp-devel\ngimp-libs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0838.html", "edition": 3, "modified": "2011-05-31T17:02:44", "published": "2011-05-31T17:02:44", "href": "http://lists.centos.org/pipermail/centos-announce/2011-May/029635.html", "id": "CESA-2011:0838", "title": "gimp security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "description": "[2.0.5-7.0.7.el4.1]\n- unfuzz validate-size-values patch\n- don't use Prereq\n- fix various overflows (#537356, #689831, #703403, #703407, #704512)", "edition": 4, "modified": "2011-05-31T00:00:00", "published": "2011-05-31T00:00:00", "id": "ELSA-2011-0837", "href": "http://linux.oracle.com/errata/ELSA-2011-0837.html", "title": "gimp security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "description": "[2:2.2.13-2.0.7.2]\n- fix various overflows (#537356, #666793, #689831, #703403, #703405, #703407,\n - unfuzz gimphelpmissing, icontheme patches", "edition": 4, "modified": "2011-05-31T00:00:00", "published": "2011-05-31T00:00:00", "id": "ELSA-2011-0838", "href": "http://linux.oracle.com/errata/ELSA-2011-0838.html", "title": "gimp security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:09", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1570", "CVE-2010-4541", "CVE-2010-4543", "CVE-2011-1178"], "description": "The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\neXchange (PCX) image file plug-ins. An attacker could create a\nspecially-crafted BMP or PCX image file that, when opened, could cause the\nrelevant plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n(PSP) image file plug-in. An attacker could create a specially-crafted PSP\nimage file that, when opened, could cause the PSP plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\nimage filter. An attacker could create a specially-crafted Sphere Designer\nfilter configuration file that, when opened, could cause the Sphere\nDesigner plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n", "modified": "2017-09-08T11:51:30", "published": "2011-05-31T04:00:00", "id": "RHSA-2011:0837", "href": "https://access.redhat.com/errata/RHSA-2011:0837", "type": "redhat", "title": "(RHSA-2011:0837) Moderate: gimp security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:01", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1570", "CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1178"], "description": "The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\neXchange (PCX) image file plug-ins. An attacker could create a\nspecially-crafted BMP or PCX image file that, when opened, could cause the\nrelevant plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n(PSP) image file plug-in. An attacker could create a specially-crafted PSP\nimage file that, when opened, could cause the PSP plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning,\nSphere Designer, and Gfig image filters. An attacker could create a\nspecially-crafted Lightning, Sphere Designer, or Gfig filter configuration\nfile that, when opened, could cause the relevant plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n", "modified": "2017-09-08T11:53:46", "published": "2011-05-31T04:00:00", "id": "RHSA-2011:0838", "href": "https://access.redhat.com/errata/RHSA-2011:0838", "type": "redhat", "title": "(RHSA-2011:0838) Moderate: gimp security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1782"], "description": "GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would exp ect to find in similar commercial offerings, and some interesting extras as wel l. GIMP provides a large image manipulation toolbox, including channel operati ons and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. ", "modified": "2011-06-07T04:29:43", "published": "2011-06-07T04:29:43", "id": "FEDORA:D15B610F8A9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: gimp-2.6.11-14.fc14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1782"], "description": "GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would exp ect to find in similar commercial offerings, and some interesting extras as wel l. GIMP provides a large image manipulation toolbox, including channel operati ons and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. ", "modified": "2011-05-27T20:17:47", "published": "2011-05-27T20:17:47", "id": "FEDORA:A661B11061A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: gimp-2.6.11-14.fc15", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1782"], "description": "GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would exp ect to find in similar commercial offerings, and some interesting extras as wel l. GIMP provides a large image manipulation toolbox, including channel operati ons and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. ", "modified": "2011-06-08T23:58:42", "published": "2011-06-08T23:58:42", "id": "FEDORA:9806210F8E5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: gimp-2.6.11-14.fc13", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1782", "CVE-2011-2896"], "description": "GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would exp ect to find in similar commercial offerings, and some interesting extras as wel l. GIMP provides a large image manipulation toolbox, including channel operati ons and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. ", "modified": "2011-08-19T21:59:46", "published": "2011-08-19T21:59:46", "id": "FEDORA:37B4711095E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: gimp-2.6.11-21.fc15", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1782", "CVE-2011-2896"], "description": "GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. GIMP has many of the tools and filters you would exp ect to find in similar commercial offerings, and some interesting extras as wel l. GIMP provides a large image manipulation toolbox, including channel operati ons and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. ", "modified": "2011-08-23T04:38:04", "published": "2011-08-23T04:38:04", "id": "FEDORA:34451110A59", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: gimp-2.6.11-21.fc14", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:25:48", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1782", "CVE-2010-4540", "CVE-2010-4543", "CVE-2011-2896"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2426-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nMarch 06, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gimp\nVulnerability : several\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543\n CVE-2011-1782 CVE-2011-2896\n\nSeveral vulnerabilities have been identified in GIMP, the GNU Image\nManipulation Program.\n\nCVE-2010-4540\n\tStack-based buffer overflow in the load_preset_response\n\tfunction in plug-ins/lighting/lighting-ui.c in the "LIGHTING\n\tEFFECTS > LIGHT" plugin allows user-assisted remote attackers\n\tto cause a denial of service (application crash) or possibly\n\texecute arbitrary code via a long Position field in a plugin\n\tconfiguration file.\n\nCVE-2010-4541\n\tStack-based buffer overflow in the loadit function in\n\tplug-ins/common/sphere-designer.c in the SPHERE DESIGNER\n\tplugin allows user-assisted remote attackers to cause a denial\n\tof service (application crash) or possibly execute arbitrary\n\tcode via a long "Number of lights" field in a plugin\n\tconfiguration file.\n\nCVE-2010-4542\n\tStack-based buffer overflow in the gfig_read_parameter_gimp_rgb\n\tfunction in in the GFIG plugin allows user-assisted remote\n\tattackers to cause a denial of service (application crash) or\n\tpossibly execute arbitrary code via a long Foreground field in a\n\tplugin configuration file.\n\nCVE-2010-4543\n\tHeap-based buffer overflow in the read_channel_data function in\n\tfile-psp.c in the Paint Shop Pro (PSP) plugin allows remote\n\tattackers to cause a denial of service (application crash) or\n\tpossibly execute arbitrary code via a PSP_COMP_RLE (aka RLE\n\tcompression) image file that begins a long run count at the end\n\tof the image.\n\nCVE-2011-1782\n\tThe correction for CVE-2010-4543 was incomplete.\n\nCVE-2011-2896\n\tThe LZW decompressor in the LZWReadByte function in\n\tplug-ins/common/file-gif-load.c does not properly handle code\n\twords that are absent from the decompression table when\n\tencountered, which allows remote attackers to trigger an\n\tinfinite loop or a heap-based buffer overflow, and possibly\n\texecute arbitrary code, via a crafted compressed stream.\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 2.6.10-1+squeeze3.\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.6.11-5.\n\nWe recommend that you upgrade your gimp packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2012-03-06T18:47:51", "published": "2012-03-06T18:47:51", "id": "DEBIAN:DSA-2426-1:E60DB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00054.html", "title": "[SECURITY] [DSA 2426-1] gimp security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:58", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3909", "CVE-2012-3402", "CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2011-2896", "CVE-2009-1570", "CVE-2012-2763"], "description": "### Background\n\nGIMP is the GNU Image Manipulation Program.\n\n### Description\n\nMultiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GIMP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/gimp-2.6.12-r2\"", "edition": 1, "modified": "2012-09-28T00:00:00", "published": "2012-09-28T00:00:00", "id": "GLSA-201209-23", "href": "https://security.gentoo.org/glsa/201209-23", "type": "gentoo", "title": "GIMP: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

openSUSE Security Update : gimp (openSUSE-SU-2011:0586-1)

Description

This update fixes various overflows : CVE-2011-1178: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVE-2011-1782: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This update fixes various overflows :

CVE-2011-1178: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2011-1782: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)