DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:136141256231066518", "type": "openvas", "bulletinFamily": "scanner", "title": "Slackware Advisory SSA:2009-345-01 gimp", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-345-01.", "published": "2012-09-11T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066518", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": ["https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-345-01"], "cvelist": ["CVE-2009-3909", "CVE-2009-1570"], "lastseen": "2019-05-29T18:39:00", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2011:0837", "CESA-2011:0838", "CESA-2012:1181"]}, {"type": "cve", "idList": ["CVE-2009-1570", "CVE-2009-3909", "CVE-2012-3402"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1941-1:32EAD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2009-1570", "DEBIANCVE:CVE-2009-3909", "DEBIANCVE:CVE-2012-3402"]}, {"type": "gentoo", "idList": ["GLSA-201209-23"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/CENTOS_LINUX-CVE-2012-3402/", "MSF:ILITIES/GENTOO-LINUX-CVE-2012-3402/", "MSF:ILITIES/SUSE-CVE-2012-3402/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2011-0837.NASL", "CENTOS_RHSA-2011-0838.NASL", "CENTOS_RHSA-2012-1181.NASL", "DEBIAN_DSA-1941.NASL", "GENTOO_GLSA-201209-23.NASL", "MANDRIVA_MDVSA-2009-296.NASL", "MANDRIVA_MDVSA-2009-332.NASL", "ORACLELINUX_ELSA-2011-0837.NASL", "ORACLELINUX_ELSA-2011-0838.NASL", "ORACLELINUX_ELSA-2012-1181.NASL", "REDHAT-RHSA-2011-0837.NASL", "REDHAT-RHSA-2011-0838.NASL", "REDHAT-RHSA-2012-1181.NASL", "SLACKWARE_SSA_2009-345-01.NASL", "SL_20110531_GIMP_ON_SL4_X.NASL", "SL_20110531_GIMP_ON_SL5_X.NASL", "SL_20120820_GIMP_ON_SL5_X.NASL", "SOLARIS10_143510-01.NASL", "SOLARIS10_X86_143511-01.NASL", "SUSE_11_0_GIMP-100318.NASL", "SUSE_11_1_GIMP-100318.NASL", "SUSE_11_2_GIMP-100318.NASL", "SUSE_11_GIMP-100318.NASL", "SUSE_GIMP-6880.NASL", "SUSE_GIMP-6882.NASL", "UBUNTU_USN-880-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122157", "OPENVAS:1361412562310123843", "OPENVAS:136141256231066332", "OPENVAS:136141256231066494", "OPENVAS:136141256231072457", "OPENVAS:1361412562310831022", "OPENVAS:1361412562310840362", "OPENVAS:1361412562310855805", "OPENVAS:1361412562310855839", "OPENVAS:1361412562310870437", "OPENVAS:1361412562310870438", "OPENVAS:1361412562310870809", "OPENVAS:1361412562310880489", "OPENVAS:1361412562310880522", "OPENVAS:1361412562310881260", "OPENVAS:1361412562310881435", "OPENVAS:1361412562310881470", "OPENVAS:66332", "OPENVAS:66494", "OPENVAS:66518", "OPENVAS:72457", "OPENVAS:831022", "OPENVAS:840362", "OPENVAS:855805", "OPENVAS:855839", "OPENVAS:870437", "OPENVAS:870438", "OPENVAS:870809", "OPENVAS:880489", "OPENVAS:880522", "OPENVAS:881260", "OPENVAS:881435", "OPENVAS:881470"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0837", "ELSA-2011-0838", "ELSA-2012-1181"]}, {"type": "redhat", "idList": ["RHSA-2011:0837", "RHSA-2011:0838", "RHSA-2012:1181"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22790", "SECURITYVULNS:DOC:22797", "SECURITYVULNS:VULN:10403"]}, {"type": "seebug", "idList": ["SSV:12629", "SSV:14960"]}, {"type": "slackware", "idList": ["SSA-2009-345-01"]}, {"type": "ubuntu", "idList": ["USN-880-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1570", "UB:CVE-2009-3909"]}]}, "score": {"value": 8.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2011:0837", "CESA-2011:0838", "CESA-2012:1181"]}, {"type": "cve", "idList": ["CVE-2009-1570", "CVE-2009-3909"]}, {"type": "gentoo", "idList": ["GLSA-201209-23"]}, {"type": "nessus", "idList": ["SUSE_11_0_GIMP-100318.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310881260", "OPENVAS:881470"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0837", "ELSA-2011-0838", "ELSA-2012-1181"]}, {"type": "redhat", "idList": ["RHSA-2011:0837", "RHSA-2011:0838", "RHSA-2012:1181"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10403"]}, {"type": "slackware", "idList": ["SSA-2009-345-01"]}, {"type": "ubuntu", "idList": ["USN-880-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2009-1570"]}]}, "exploitation": null, "vulnersScore": 8.0}, "pluginID": "136141256231066518", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_345_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66518\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-345-01 gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(12\\.1|12\\.2|13\\.0)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-345-01\");\n\n script_tag(name:\"insight\", value:\"New gimp packages are available for Slackware 12.1, 12.2, 13.0, and -current to\nfix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-345-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"gimp\", ver:\"2.4.7-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gimp\", ver:\"2.4.7-i486-2_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"gimp\", ver:\"2.6.8-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "naslFamily": "Slackware Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{"nessus": [{"lastseen": "2021-08-19T13:04:48", "description": "Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim's system by tricking the victim to open specially crafted files (CVE-2009-1570, CVE-2009-3909).", "cvss3": {"score": null, "vector": null}, "published": "2010-04-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gimp", "p-cpe:/a:novell:opensuse:gimp-branding-upstream", "p-cpe:/a:novell:opensuse:gimp-devel", "p-cpe:/a:novell:opensuse:gimp-lang", "p-cpe:/a:novell:opensuse:gimp-plugins-python", "cpe:/o:novell:opensuse:11.1"], "id": "SUSE_11_1_GIMP-100318.NASL", "href": "https://www.tenable.com/plugins/nessus/45535", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gimp-2151.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45535);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n\n script_name(english:\"openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)\");\n script_summary(english:\"Check for the gimp-2151 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflows in the BMP and PSD plug-ins potentially allowed\nattackers to execute arbitrary code on the victim's system by tricking\nthe victim to open specially crafted files (CVE-2009-1570,\nCVE-2009-3909).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-04/msg00014.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-plugins-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gimp-2.6.2-2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gimp-branding-upstream-2.6.2-2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gimp-devel-2.6.2-2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gimp-lang-2.6.2-2.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gimp-plugins-python-2.6.2-2.19.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-branding-upstream / gimp-devel / gimp-lang / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T15:13:12", "description": "A vulnerability was discovered and corrected in gimp :\n\nInteger overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow (CVE-2009-3909).\n\nAdditionally the patch for CVE-2009-1570 in MDVSA-2009:296 was incomplete, this update corrects this as well.\n\nThis update provides a solution to this vulnerability.\n\nUpdate :\n\nPackages for 2009.0 are provided due to the Extended Maintenance Program.", "cvss3": {"score": null, "vector": null}, "published": "2010-04-29T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : gimp (MDVSA-2009:332-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gimp", "p-cpe:/a:mandriva:linux:gimp-python", "p-cpe:/a:mandriva:linux:lib64gimp2.0-devel", "p-cpe:/a:mandriva:linux:lib64gimp2.0_0", "p-cpe:/a:mandriva:linux:libgimp2.0-devel", "p-cpe:/a:mandriva:linux:libgimp2.0_0", "cpe:/o:mandriva:linux:2009.0"], "id": "MANDRIVA_MDVSA-2009-332.NASL", "href": "https://www.tenable.com/plugins/nessus/46175", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:332. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46175);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-3909\");\n script_bugtraq_id(37040);\n script_xref(name:\"MDVSA\", value:\"2009:332-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gimp (MDVSA-2009:332-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in gimp :\n\nInteger overflow in the read_channel_data function in\nplug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote\nattackers to execute arbitrary code via a crafted PSD file that\ntriggers a heap-based buffer overflow (CVE-2009-3909).\n\nAdditionally the patch for CVE-2009-1570 in MDVSA-2009:296 was\nincomplete, this update corrects this as well.\n\nThis update provides a solution to this vulnerability.\n\nUpdate :\n\nPackages for 2009.0 are provided due to the Extended Maintenance\nProgram.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gimp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gimp2.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gimp2.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgimp2.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgimp2.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gimp-2.4.7-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"gimp-python-2.4.7-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64gimp2.0-devel-2.4.7-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64gimp2.0_0-2.4.7-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libgimp2.0-devel-2.4.7-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libgimp2.0_0-2.4.7-1.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:04:32", "description": "Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim's system by tricking the victim to open specially crafted files (CVE-2009-1570, CVE-2009-3909). \n\nGimp was updated to to version 2.6.8 which fixes those issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-04-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gimp", "p-cpe:/a:novell:opensuse:gimp-branding-upstream", "p-cpe:/a:novell:opensuse:gimp-devel", "p-cpe:/a:novell:opensuse:gimp-help-browser", "p-cpe:/a:novell:opensuse:gimp-lang", "p-cpe:/a:novell:opensuse:gimp-plugins-python", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_GIMP-100318.NASL", "href": "https://www.tenable.com/plugins/nessus/45537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gimp-2160.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45537);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n\n script_name(english:\"openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)\");\n script_summary(english:\"Check for the gimp-2160 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflows in the BMP and PSD plug-ins potentially allowed\nattackers to execute arbitrary code on the victim's system by tricking\nthe victim to open specially crafted files (CVE-2009-1570,\nCVE-2009-3909). \n\nGimp was updated to to version 2.6.8 which fixes those issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-04/msg00014.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-help-browser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-plugins-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gimp-2.6.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gimp-branding-upstream-2.6.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gimp-devel-2.6.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gimp-help-browser-2.6.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gimp-lang-2.6.8-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gimp-plugins-python-2.6.8-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:04:36", "description": "Integer overflows in the BMP plug-in potentially allowed attackers to execute arbitrary code on the victim's system by tricking the victim to open specially crafted files (CVE-2009-1570).", "cvss3": {"score": null, "vector": null}, "published": "2010-04-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gimp (openSUSE-SU-2010:0110-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gimp", "p-cpe:/a:novell:opensuse:gimp-branding-upstream", "p-cpe:/a:novell:opensuse:gimp-devel", "p-cpe:/a:novell:opensuse:gimp-plugins-python", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_GIMP-100318.NASL", "href": "https://www.tenable.com/plugins/nessus/45532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gimp-2154.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45532);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n\n script_name(english:\"openSUSE Security Update : gimp (openSUSE-SU-2010:0110-1)\");\n script_summary(english:\"Check for the gimp-2154 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflows in the BMP plug-in potentially allowed attackers to\nexecute arbitrary code on the victim's system by tricking the victim\nto open specially crafted files (CVE-2009-1570).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-04/msg00012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gimp-plugins-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gimp-2.4.5-41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gimp-branding-upstream-2.4.5-41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gimp-devel-2.4.5-41.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gimp-plugins-python-2.4.5-41.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-branding-upstream / gimp-devel / gimp-plugins-python\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:02:21", "description": "Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim's system by tricking the victim to open specially crafted files. (CVE-2009-1570 / CVE-2009-3909)", "cvss3": {"score": null, "vector": null}, "published": "2010-12-02T00:00:00", "type": "nessus", "title": "SuSE 11 Security Update : gimp (SAT Patch Number 2155)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:gimp", "p-cpe:/a:novell:suse_linux:11:gimp-lang", "p-cpe:/a:novell:suse_linux:11:gimp-plugins-python", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_GIMP-100318.NASL", "href": "https://www.tenable.com/plugins/nessus/50910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50910);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n\n script_name(english:\"SuSE 11 Security Update : gimp (SAT Patch Number 2155)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflows in the BMP and PSD plug-ins potentially allowed\nattackers to execute arbitrary code on the victim's system by tricking\nthe victim to open specially crafted files. (CVE-2009-1570 /\nCVE-2009-3909)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=555166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1570.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3909.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2155.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gimp-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gimp-plugins-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"gimp-2.6.2-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"gimp-lang-2.6.2-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"gimp-plugins-python-2.6.2-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"gimp-2.6.2-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"gimp-lang-2.6.2-3.28.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"gimp-plugins-python-2.6.2-3.28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:58", "description": "Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim's system by tricking the victim to open specially crafted files. \n\n - CVE-2009-3909: CVSS v2 Base Score: 4.3 (moderate) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors. (CWE-189).\n (CVE-2009-1570: CVSS v2 Base Score: 4.3 (moderate) (AV:N/AC:M/Au:N/C:N/I:N/A:P)). (- Numeric Errors (CWE-189))", "cvss3": {"score": null, "vector": null}, "published": "2011-01-27T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : gimp (ZYPP Patch Number 6882)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GIMP-6882.NASL", "href": "https://www.tenable.com/plugins/nessus/51747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51747);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n\n script_name(english:\"SuSE 10 Security Update : gimp (ZYPP Patch Number 6882)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflows in the BMP and PSD plug-ins potentially allowed\nattackers to execute arbitrary code on the victim's system by tricking\nthe victim to open specially crafted files. \n\n - CVE-2009-3909: CVSS v2 Base Score: 4.3 (moderate)\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors. (CWE-189).\n (CVE-2009-1570: CVSS v2 Base Score: 4.3 (moderate)\n (AV:N/AC:M/Au:N/C:N/I:N/A:P)). (- Numeric Errors\n (CWE-189))\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1570.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3909.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6882.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"gimp-2.2.10-22.33.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"gimp-devel-2.2.10-22.33.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"gimp-2.2.10-22.32\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"gimp-devel-2.2.10-22.32\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:25", "description": "Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user's privileges. (CVE-2009-1570)\n\nStefan Cornelius discovered that GIMP did not correctly handle certain malformed PSD files. If a user were tricked into opening a specially crafted PSD file, an attacker could execute arbitrary code with the user's privileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10. (CVE-2009-3909).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-01-08T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : gimp vulnerabilities (USN-880-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gimp", "p-cpe:/a:canonical:ubuntu_linux:gimp-data", "p-cpe:/a:canonical:ubuntu_linux:gimp-dbg", "p-cpe:/a:canonical:ubuntu_linux:gimp-gnomevfs", "p-cpe:/a:canonical:ubuntu_linux:gimp-libcurl", "p-cpe:/a:canonical:ubuntu_linux:gimp-python", "p-cpe:/a:canonical:ubuntu_linux:libgimp2.0", "p-cpe:/a:canonical:ubuntu_linux:libgimp2.0-dev", "p-cpe:/a:canonical:ubuntu_linux:libgimp2.0-doc", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-880-1.NASL", "href": "https://www.tenable.com/plugins/nessus/43825", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-880-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43825);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n script_bugtraq_id(37006, 37040);\n script_xref(name:\"USN\", value:\"880-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : gimp vulnerabilities (USN-880-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Stefan Cornelius discovered that GIMP did not correctly handle certain\nmalformed BMP files. If a user were tricked into opening a specially\ncrafted BMP file, an attacker could execute arbitrary code with the\nuser's privileges. (CVE-2009-1570)\n\nStefan Cornelius discovered that GIMP did not correctly handle certain\nmalformed PSD files. If a user were tricked into opening a specially\ncrafted PSD file, an attacker could execute arbitrary code with the\nuser's privileges. This issue only applied to Ubuntu 8.10, 9.04 and\n9.10. (CVE-2009-3909).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/880-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gimp-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gimp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gimp-gnomevfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gimp-libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gimp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgimp2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgimp2.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgimp2.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gimp\", pkgver:\"2.4.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gimp-data\", pkgver:\"2.4.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gimp-dbg\", pkgver:\"2.4.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gimp-gnomevfs\", pkgver:\"2.4.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gimp-libcurl\", pkgver:\"2.4.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"gimp-python\", pkgver:\"2.4.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libgimp2.0\", pkgver:\"2.4.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libgimp2.0-dev\", pkgver:\"2.4.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libgimp2.0-doc\", pkgver:\"2.4.5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gimp\", pkgver:\"2.6.1-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gimp-data\", pkgver:\"2.6.1-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"gimp-dbg\", pkgver:\"2.6.1-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libgimp2.0\", pkgver:\"2.6.1-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libgimp2.0-dev\", pkgver:\"2.6.1-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libgimp2.0-doc\", pkgver:\"2.6.1-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"gimp\", pkgver:\"2.6.6-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"gimp-data\", pkgver:\"2.6.6-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"gimp-dbg\", pkgver:\"2.6.6-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libgimp2.0\", pkgver:\"2.6.6-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libgimp2.0-dev\", pkgver:\"2.6.6-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libgimp2.0-doc\", pkgver:\"2.6.6-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"gimp\", pkgver:\"2.6.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"gimp-data\", pkgver:\"2.6.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"gimp-dbg\", pkgver:\"2.6.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libgimp2.0\", pkgver:\"2.6.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libgimp2.0-dev\", pkgver:\"2.6.7-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libgimp2.0-doc\", pkgver:\"2.6.7-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-data / gimp-dbg / gimp-gnomevfs / gimp-libcurl / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:02:02", "description": "Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim's system by tricking the victim to open specially crafted files.\n\n - CVE-2009-3909: CVSS v2 Base Score: 4.3 (moderate) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors. (CWE-189).\n (CVE-2009-1570: CVSS v2 Base Score: 4.3 (moderate) (AV:N/AC:M/Au:N/C:N/I:N/A:P)). (- Numeric Errors (CWE-189))", "cvss3": {"score": null, "vector": null}, "published": "2011-01-27T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : gimp (ZYPP Patch Number 6880)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GIMP-6880.NASL", "href": "https://www.tenable.com/plugins/nessus/51746", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51746);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n\n script_name(english:\"SuSE 10 Security Update : gimp (ZYPP Patch Number 6880)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflows in the BMP and PSD plug-ins potentially allowed\nattackers to execute arbitrary code on the victim's system by tricking\nthe victim to open specially crafted files.\n\n - CVE-2009-3909: CVSS v2 Base Score: 4.3 (moderate)\n (AV:N/AC:M/Au:N/C:N/I:N/A:P): Numeric Errors. (CWE-189).\n (CVE-2009-1570: CVSS v2 Base Score: 4.3 (moderate)\n (AV:N/AC:M/Au:N/C:N/I:N/A:P)). (- Numeric Errors\n (CWE-189))\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-1570.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3909.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6880.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"gimp-2.2.10-22.33.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"gimp-devel-2.2.10-22.33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:45", "description": "New gimp packages are available for Slackware 12.1, 12.2, 13.0, and\n-current to fix security issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-12-14T00:00:00", "type": "nessus", "title": "Slackware 12.1 / 12.2 / 13.0 / current : gimp (SSA:2009-345-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:gimp", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:13.0"], "id": "SLACKWARE_SSA_2009-345-01.NASL", "href": "https://www.tenable.com/plugins/nessus/43112", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2009-345-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43112);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n script_bugtraq_id(37006, 37040);\n script_xref(name:\"SSA\", value:\"2009-345-01\");\n\n script_name(english:\"Slackware 12.1 / 12.2 / 13.0 / current : gimp (SSA:2009-345-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gimp packages are available for Slackware 12.1, 12.2, 13.0, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433860\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55ded981\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.1\", pkgname:\"gimp\", pkgver:\"2.4.7\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"gimp\", pkgver:\"2.4.7\", pkgarch:\"i486\", pkgnum:\"2_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"gimp\", pkgver:\"2.6.8\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"gimp\", pkgver:\"2.6.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"gimp\", pkgver:\"2.6.8\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"gimp\", pkgver:\"2.6.8\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:33:30", "description": "GNOME 2.6.0_x86: GIMP patch.\nDate this patch was last updated by Sun : Jan/08/10", "cvss3": {"score": null, "vector": null}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (x86) : 143511-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:143511", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_143511-01.NASL", "href": "https://www.tenable.com/plugins/nessus/108041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108041);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\");\n\n script_name(english:\"Solaris 10 (x86) : 143511-01\");\n script_summary(english:\"Check for patch 143511-01\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 143511-01\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNOME 2.6.0_x86: GIMP patch.\nDate this patch was last updated by Sun : Jan/08/10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://download.oracle.com/sunalerts/1021722.1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 143511-01\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:143511\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"143511-01\", obsoleted_by:\"122213-46 \", package:\"SUNWgnome-img-editor\", version:\"2.6.0,REV=10.0.3.2004.12.16.18.25\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWgnome-img-editor\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:33:05", "description": "GNOME 2.6.0: GIMP patch.\nDate this patch was last updated by Sun : Jan/08/10", "cvss3": {"score": null, "vector": null}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "Solaris 10 (sparc) : 143510-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:143510", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_143510-01.NASL", "href": "https://www.tenable.com/plugins/nessus/107546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107546);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\");\n\n script_name(english:\"Solaris 10 (sparc) : 143510-01\");\n script_summary(english:\"Check for patch 143510-01\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 143510-01\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GNOME 2.6.0: GIMP patch.\nDate this patch was last updated by Sun : Jan/08/10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://download.oracle.com/sunalerts/1021722.1.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 143510-01\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:143510\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"143510-01\", obsoleted_by:\"122212-46 \", package:\"SUNWgnome-img-editor\", version:\"2.6.0,REV=10.0.3.2004.12.16.17.35\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWgnome-img-editor\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:44", "description": "A vulnerability was discovered and corrected in gimp :\n\nInteger overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow (CVE-2009-1570).\n\nThis update provides a solution to this vulnerability.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "cvss3": {"score": null, "vector": null}, "published": "2009-12-14T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : gimp (MDVSA-2009:296-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gimp", "p-cpe:/a:mandriva:linux:gimp-python", "p-cpe:/a:mandriva:linux:lib64gimp2.0-devel", "p-cpe:/a:mandriva:linux:lib64gimp2.0_0", "p-cpe:/a:mandriva:linux:libgimp2.0-devel", "p-cpe:/a:mandriva:linux:libgimp2.0_0", "cpe:/o:mandriva:linux:2008.0"], "id": "MANDRIVA_MDVSA-2009-296.NASL", "href": "https://www.tenable.com/plugins/nessus/43144", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:296. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43144);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1570\");\n script_bugtraq_id(37006);\n script_xref(name:\"MDVSA\", value:\"2009:296-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : gimp (MDVSA-2009:296-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in gimp :\n\nInteger overflow in the ReadImage function in\nplug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote\nattackers to execute arbitrary code via a BMP file with crafted width\nand height values that trigger a heap-based buffer overflow\n(CVE-2009-1570).\n\nThis update provides a solution to this vulnerability.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2009-42/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gimp-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gimp2.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gimp2.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgimp2.0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgimp2.0_0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gimp-2.4.0-0.rc2.3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"gimp-python-2.4.0-0.rc2.3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gimp2.0-devel-2.4.0-0.rc2.3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64gimp2.0_0-2.4.0-0.rc2.3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgimp2.0-devel-2.4.0-0.rc2.3.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libgimp2.0_0-2.4.0-0.rc2.3.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:56:59", "description": "The remote host is affected by the vulnerability described in GLSA-201209-23 (GIMP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2012-09-29T00:00:00", "type": "nessus", "title": "GLSA-201209-23 : GIMP: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909", "CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1178", "CVE-2011-2896", "CVE-2012-2763", "CVE-2012-3402"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:gimp", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201209-23.NASL", "href": "https://www.tenable.com/plugins/nessus/62379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201209-23.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62379);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\", \"CVE-2011-2896\", \"CVE-2012-2763\", \"CVE-2012-3402\");\n script_bugtraq_id(37006, 37040, 45647, 48057, 49148, 53741, 55103);\n script_xref(name:\"GLSA\", value:\"201209-23\");\n\n script_name(english:\"GLSA-201209-23 : GIMP: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201209-23\n(GIMP: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GIMP. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201209-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GIMP users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/gimp-2.6.12-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'GIMP script-fu Server Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/gimp\", unaffected:make_list(\"ge 2.6.12-r2\"), vulnerable:make_list(\"lt 2.6.12-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GIMP\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:36", "description": "Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere Designer image filter. An attacker could create a specially crafted Sphere Designer filter configuration file that, when opened, could cause the Sphere Designer plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-06-02T00:00:00", "type": "nessus", "title": "CentOS 4 : gimp (CESA-2011:0837)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2010-4541", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gimp", "p-cpe:/a:centos:centos:gimp-devel", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2011-0837.NASL", "href": "https://www.tenable.com/plugins/nessus/54936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0837 and \n# CentOS Errata and Security Advisory 2011:0837 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54936);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_bugtraq_id(37006, 45647);\n script_xref(name:\"RHSA\", value:\"2011:0837\");\n\n script_name(english:\"CentOS 4 : gimp (CESA-2011:0837)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-June/017603.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e79990a6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-June/017604.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3613c703\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:25", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere Designer image filter. An attacker could create a specially crafted Sphere Designer filter configuration file that, when opened, could cause the Sphere Designer plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gimp on SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2010-4541", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110531_GIMP_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61056);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n\n script_name(english:\"Scientific Linux Security Update : gimp on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=903\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d679b61\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gimp, gimp-debuginfo and / or gimp-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gimp-debuginfo-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:53", "description": "Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere Designer image filter. An attacker could create a specially crafted Sphere Designer filter configuration file that, when opened, could cause the Sphere Designer plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-06-01T00:00:00", "type": "nessus", "title": "RHEL 4 : gimp (RHSA-2011:0837)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2010-4541", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gimp", "p-cpe:/a:redhat:enterprise_linux:gimp-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2011-0837.NASL", "href": "https://www.tenable.com/plugins/nessus/54926", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0837. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54926);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_bugtraq_id(37006, 45647);\n script_xref(name:\"RHSA\", value:\"2011:0837\");\n\n script_name(english:\"RHEL 4 : gimp (RHSA-2011:0837)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0837\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gimp and / or gimp-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0837\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:18", "description": "From Red Hat Security Advisory 2011:0837 :\n\nUpdated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere Designer image filter. An attacker could create a specially crafted Sphere Designer filter configuration file that, when opened, could cause the Sphere Designer plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : gimp (ELSA-2011-0837)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2010-4541", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gimp", "p-cpe:/a:oracle:linux:gimp-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2011-0837.NASL", "href": "https://www.tenable.com/plugins/nessus/68278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0837 and \n# Oracle Linux Security Advisory ELSA-2011-0837 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68278);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_bugtraq_id(37006, 45647);\n script_xref(name:\"RHSA\", value:\"2011:0837\");\n\n script_name(english:\"Oracle Linux 4 : gimp (ELSA-2011-0837)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0837 :\n\nUpdated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere\nDesigner image filter. An attacker could create a specially crafted\nSphere Designer filter configuration file that, when opened, could\ncause the Sphere Designer plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002151.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"gimp-2.0.5-7.0.7.el4.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"gimp-devel-2.0.5-7.0.7.el4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:12:46", "description": "From Red Hat Security Advisory 2012:1181 :\n\nUpdated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-3909, CVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for reporting CVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : gimp (ELSA-2012-1181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gimp", "p-cpe:/a:oracle:linux:gimp-devel", "p-cpe:/a:oracle:linux:gimp-libs", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-1181.NASL", "href": "https://www.tenable.com/plugins/nessus/68601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:1181 and \n# Oracle Linux Security Advisory ELSA-2012-1181 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68601);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3909\", \"CVE-2011-2896\", \"CVE-2012-3402\", \"CVE-2012-3403\", \"CVE-2012-3481\");\n script_xref(name:\"RHSA\", value:\"2012:1181\");\n\n script_name(english:\"Oracle Linux 5 : gimp (ELSA-2012-1181)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:1181 :\n\nUpdated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the GIMP's Adobe Photoshop (PSD) image file\nplug-in. An attacker could create a specially crafted PSD image file\nthat, when opened, could cause the PSD plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the GIMP. (CVE-2009-3909, CVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create\na specially crafted GIF image file that, when opened, could cause the\nGIF plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch\n(LZW) decompression algorithm implementation used by the GIMP's GIF\nimage format plug-in. An attacker could create a specially crafted GIF\nimage file that, when opened, could cause the GIF plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the GIMP. (CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL\nfile format plug-in. An attacker could create a specially crafted KiSS\npalette file that, when opened, could cause the CEL plug-in to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running the GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting\nCVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for\nreporting CVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-August/002985.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gimp-2.2.13-2.0.7.el5_8.5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gimp-devel-2.2.13-2.0.7.el5_8.5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gimp-libs-2.2.13-2.0.7.el5_8.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel / gimp-libs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:09:29", "description": "Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-3909, CVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for reporting CVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-21T00:00:00", "type": "nessus", "title": "CentOS 5 : gimp (CESA-2012:1181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gimp", "p-cpe:/a:centos:centos:gimp-devel", "p-cpe:/a:centos:centos:gimp-libs", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2012-1181.NASL", "href": "https://www.tenable.com/plugins/nessus/61600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1181 and \n# CentOS Errata and Security Advisory 2012:1181 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61600);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3909\", \"CVE-2011-2896\", \"CVE-2012-3402\", \"CVE-2012-3403\", \"CVE-2012-3481\");\n script_xref(name:\"RHSA\", value:\"2012:1181\");\n\n script_name(english:\"CentOS 5 : gimp (CESA-2012:1181)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the GIMP's Adobe Photoshop (PSD) image file\nplug-in. An attacker could create a specially crafted PSD image file\nthat, when opened, could cause the PSD plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the GIMP. (CVE-2009-3909, CVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create\na specially crafted GIF image file that, when opened, could cause the\nGIF plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch\n(LZW) decompression algorithm implementation used by the GIMP's GIF\nimage format plug-in. An attacker could create a specially crafted GIF\nimage file that, when opened, could cause the GIF plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the GIMP. (CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL\nfile format plug-in. An attacker could create a specially crafted KiSS\npalette file that, when opened, could cause the CEL plug-in to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running the GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting\nCVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for\nreporting CVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-August/018809.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e97b3a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2009-3909\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"gimp-2.2.13-2.0.7.el5_8.5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gimp-devel-2.2.13-2.0.7.el5_8.5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gimp-libs-2.2.13-2.0.7.el5_8.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel / gimp-libs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:10:02", "description": "Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-3909, CVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for reporting CVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-21T00:00:00", "type": "nessus", "title": "RHEL 5 : gimp (RHSA-2012:1181)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gimp", "p-cpe:/a:redhat:enterprise_linux:gimp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gimp-devel", "p-cpe:/a:redhat:enterprise_linux:gimp-libs", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2012-1181.NASL", "href": "https://www.tenable.com/plugins/nessus/61604", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:1181. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61604);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3909\", \"CVE-2011-2896\", \"CVE-2012-3402\", \"CVE-2012-3403\", \"CVE-2012-3481\");\n script_xref(name:\"RHSA\", value:\"2012:1181\");\n\n script_name(english:\"RHEL 5 : gimp (RHSA-2012:1181)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the GIMP's Adobe Photoshop (PSD) image file\nplug-in. An attacker could create a specially crafted PSD image file\nthat, when opened, could cause the PSD plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the GIMP. (CVE-2009-3909, CVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create\na specially crafted GIF image file that, when opened, could cause the\nGIF plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch\n(LZW) decompression algorithm implementation used by the GIMP's GIF\nimage format plug-in. An attacker could create a specially crafted GIF\nimage file that, when opened, could cause the GIF plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the GIMP. (CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL\nfile format plug-in. An attacker could create a specially crafted KiSS\npalette file that, when opened, could cause the CEL plug-in to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running the GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting\nCVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for\nreporting CVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:1181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-3402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3909\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:1181\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gimp-2.2.13-2.0.7.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gimp-2.2.13-2.0.7.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gimp-2.2.13-2.0.7.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"gimp-debuginfo-2.2.13-2.0.7.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"gimp-devel-2.2.13-2.0.7.el5_8.5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"gimp-libs-2.2.13-2.0.7.el5_8.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-debuginfo / gimp-devel / gimp-libs\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:09:54", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-3909, CVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403)\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:gimp", "p-cpe:/a:fermilab:scientific_linux:gimp-devel", "p-cpe:/a:fermilab:scientific_linux:gimp-libs", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20120820_GIMP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61605", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61605);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3909\", \"CVE-2011-2896\", \"CVE-2012-3402\", \"CVE-2012-3403\", \"CVE-2012-3481\");\n\n script_name(english:\"Scientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nMultiple integer overflow flaws, leading to heap-based buffer\noverflows, were found in the GIMP's Adobe Photoshop (PSD) image file\nplug-in. An attacker could create a specially crafted PSD image file\nthat, when opened, could cause the PSD plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the GIMP. (CVE-2009-3909, CVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create\na specially crafted GIF image file that, when opened, could cause the\nGIF plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch\n(LZW) decompression algorithm implementation used by the GIMP's GIF\nimage format plug-in. An attacker could create a specially crafted GIF\nimage file that, when opened, could cause the GIF plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning the GIMP. (CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL\nfile format plug-in. An attacker could create a specially crafted KiSS\npalette file that, when opened, could cause the CEL plug-in to crash\nor, potentially, execute arbitrary code with the privileges of the\nuser running the GIMP. (CVE-2012-3403)\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1208&L=scientific-linux-errata&T=0&P=1841\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfb9e000\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gimp, gimp-devel and / or gimp-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gimp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gimp-2.2.13-2.0.7.el5_8.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gimp-devel-2.2.13-2.0.7.el5_8.5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gimp-libs-2.2.13-2.0.7.el5_8.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel / gimp-libs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:58", "description": "Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-06-29T00:00:00", "type": "nessus", "title": "CentOS 5 : gimp (CESA-2011:0838)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gimp", "p-cpe:/a:centos:centos:gimp-devel", "p-cpe:/a:centos:centos:gimp-libs", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-0838.NASL", "href": "https://www.tenable.com/plugins/nessus/67082", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0838 and \n# CentOS Errata and Security Advisory 2011:0838 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67082);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_bugtraq_id(37006, 45647);\n script_xref(name:\"RHSA\", value:\"2011:0838\");\n\n script_name(english:\"CentOS 5 : gimp (CESA-2011:0838)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning,\nSphere Designer, and Gfig image filters. An attacker could create a\nspecially crafted Lightning, Sphere Designer, or Gfig filter\nconfiguration file that, when opened, could cause the relevant plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4540, CVE-2010-4541,\nCVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017597.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ff9bf108\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017598.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2da4f32\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gimp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"gimp-2.2.13-2.0.7.el5_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gimp-devel-2.2.13-2.0.7.el5_6.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"gimp-libs-2.2.13-2.0.7.el5_6.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel / gimp-libs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:55", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gimp on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110531_GIMP_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61057", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61057);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n\n script_name(english:\"Scientific Linux Security Update : gimp on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning,\nSphere Designer, and Gfig image filters. An attacker could create a\nspecially crafted Lightning, Sphere Designer, or Gfig filter\nconfiguration file that, when opened, could cause the relevant plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4540, CVE-2010-4541,\nCVE-2010-4542)\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=1022\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?010d1eb7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gimp-2.2.13-2.0.7.el5_6.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gimp-debuginfo-2.2.13-2.0.7.el5_6.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gimp-devel-2.2.13-2.0.7.el5_6.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gimp-libs-2.2.13-2.0.7.el5_6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:42", "description": "Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-06-01T00:00:00", "type": "nessus", "title": "RHEL 5 : gimp (RHSA-2011:0838)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gimp", "p-cpe:/a:redhat:enterprise_linux:gimp-devel", "p-cpe:/a:redhat:enterprise_linux:gimp-libs", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-0838.NASL", "href": "https://www.tenable.com/plugins/nessus/54927", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0838. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54927);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_bugtraq_id(37006, 45647);\n script_xref(name:\"RHSA\", value:\"2011:0838\");\n\n script_name(english:\"RHEL 5 : gimp (RHSA-2011:0838)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning,\nSphere Designer, and Gfig image filters. An attacker could create a\nspecially crafted Lightning, Sphere Designer, or Gfig filter\nconfiguration file that, when opened, could cause the relevant plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4540, CVE-2010-4541,\nCVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-4543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0838\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gimp, gimp-devel and / or gimp-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gimp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0838\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gimp-2.2.13-2.0.7.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gimp-2.2.13-2.0.7.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gimp-2.2.13-2.0.7.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"gimp-devel-2.2.13-2.0.7.el5_6.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"gimp-libs-2.2.13-2.0.7.el5_6.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel / gimp-libs\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:32", "description": "From Red Hat Security Advisory 2011:0838 :\n\nUpdated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and editing program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : gimp (ELSA-2011-0838)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570", "CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gimp", "p-cpe:/a:oracle:linux:gimp-devel", "p-cpe:/a:oracle:linux:gimp-libs", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2011-0838.NASL", "href": "https://www.tenable.com/plugins/nessus/68279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0838 and \n# Oracle Linux Security Advisory ELSA-2011-0838 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68279);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_bugtraq_id(37006, 45647);\n script_xref(name:\"RHSA\", value:\"2011:0838\");\n\n script_name(english:\"Oracle Linux 5 : gimp (ELSA-2011-0838)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0838 :\n\nUpdated gimp packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal\nComputer eXchange (PCX) image file plug-ins. An attacker could create\na specially crafted BMP or PCX image file that, when opened, could\ncause the relevant plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-1570,\nCVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop\nPro (PSP) image file plug-in. An attacker could create a specially\ncrafted PSP image file that, when opened, could cause the PSP plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning,\nSphere Designer, and Gfig image filters. An attacker could create a\nspecially crafted Lightning, Sphere Designer, or Gfig filter\nconfiguration file that, when opened, could cause the relevant plug-in\nto crash or, potentially, execute arbitrary code with the privileges\nof the user running the GIMP. (CVE-2010-4540, CVE-2010-4541,\nCVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The GIMP\nmust be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002154.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gimp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gimp-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gimp-2.2.13-2.0.7.el5_6.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gimp-devel-2.2.13-2.0.7.el5_6.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gimp-libs-2.2.13-2.0.7.el5_6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gimp / gimp-devel / gimp-libs\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:05:20", "description": "Several integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document.\n\nAn update for the old stable distribution (etch) will be issued soon as version 0.4.5-5.1etch4.", "cvss3": {"score": null, "vector": null}, "published": "2010-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-1941-1 : poppler - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0755", "CVE-2009-0756", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3606", "CVE-2009-3607", "CVE-2009-3608", "CVE-2009-3609", "CVE-2009-3903", "CVE-2009-3904", "CVE-2009-3905", "CVE-2009-3909", "CVE-2009-3938"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:poppler", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1941.NASL", "href": "https://www.tenable.com/plugins/nessus/44806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1941. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44806);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0755\", \"CVE-2009-0756\", \"CVE-2009-3604\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3903\", \"CVE-2009-3904\", \"CVE-2009-3905\", \"CVE-2009-3909\", \"CVE-2009-3938\");\n script_bugtraq_id(36703, 36718, 36976);\n script_xref(name:\"DSA\", value:\"1941\");\n\n script_name(english:\"Debian DSA-1941-1 : poppler - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several integer overflows, buffer overflows and memory allocation\nerrors were discovered in the Poppler PDF rendering library, which may\nlead to denial of service or the execution of arbitrary code if a user\nis tricked into opening a malformed PDF document.\n\nAn update for the old stable distribution (etch) will be issued soon\nas version 0.4.5-5.1etch4.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1941\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the poppler packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.7-3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 119, 189, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-dev\", reference:\"0.8.7-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-glib-dev\", reference:\"0.8.7-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-glib3\", reference:\"0.8.7-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-qt-dev\", reference:\"0.8.7-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-qt2\", reference:\"0.8.7-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-qt4-3\", reference:\"0.8.7-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-qt4-dev\", reference:\"0.8.7-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler3\", reference:\"0.8.7-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"poppler-dbg\", reference:\"0.8.7-3\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"poppler-utils\", reference:\"0.8.7-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-01-17T11:05:50", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-880-1", "cvss3": {}, "published": "2010-01-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for gimp vulnerabilities USN-880-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2009-1570"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:1361412562310840362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_880_1.nasl 8438 2018-01-16 17:38:23Z teissa $\n#\n# Ubuntu Update for gimp vulnerabilities USN-880-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stefan Cornelius discovered that GIMP did not correctly handle certain\n malformed BMP files. If a user were tricked into opening a specially\n crafted BMP file, an attacker could execute arbitrary code with the user's\n privileges. (CVE-2009-1570)\n\n Stefan Cornelius discovered that GIMP did not correctly handle certain\n malformed PSD files. If a user were tricked into opening a specially\n crafted PSD file, an attacker could execute arbitrary code with the user's\n privileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10.\n (CVE-2009-3909)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-880-1\";\ntag_affected = \"gimp vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-880-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840362\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"880-1\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n script_name(\"Ubuntu Update for gimp vulnerabilities USN-880-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp-dbg\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-dev\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-data\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-doc\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp-dbg\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-dev\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-data\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-doc\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp-dbg\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-gnomevfs\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-python\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-dev\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-libcurl\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-data\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-doc\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp-dbg\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-dev\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-data\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-doc\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:47", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2010-04-30T00:00:00", "type": "openvas", "title": "Mandriva Update for gimp MDVSA-2009:332-1 (gimp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2009-1570"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:1361412562310831022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gimp MDVSA-2009:332-1 (gimp)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in gimp:\n\n Integer overflow in the read_channel_data function in\n plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers\n to execute arbitrary code via a crafted PSD file that triggers a\n heap-based buffer overflow (CVE-2009-3909).\n \n Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was\n incomplete, this update corrects this as well.\n \n This update provides a solution to this vulnerability.\n \n Update:\n \n Packages for 2009.0 are provided due to the Extended Maintenance\n Program.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gimp on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00054.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831022\");\n script_version(\"$Revision: 8250 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 08:29:15 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-30 14:39:22 +0200 (Fri, 30 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2009:332-1\");\n script_cve_id(\"CVE-2009-3909\", \"CVE-2009-1570\");\n script_name(\"Mandriva Update for gimp MDVSA-2009:332-1 (gimp)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:58", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-345-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-345-01 gimp ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2009-1570"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:66518", "href": "http://plugins.openvas.org/nasl.php?oid=66518", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_345_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New gimp packages are available for Slackware 12.1, 12.2, 13.0, and -current to\nfix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-345-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-345-01\";\n \nif(description)\n{\n script_id(66518);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-345-01 gimp \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"gimp\", ver:\"2.4.7-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gimp\", ver:\"2.4.7-i486-2_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"gimp\", ver:\"2.6.8-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:18:11", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-880-1", "cvss3": {}, "published": "2010-01-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for gimp vulnerabilities USN-880-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2009-1570"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840362", "href": "http://plugins.openvas.org/nasl.php?oid=840362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_880_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for gimp vulnerabilities USN-880-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Stefan Cornelius discovered that GIMP did not correctly handle certain\n malformed BMP files. If a user were tricked into opening a specially\n crafted BMP file, an attacker could execute arbitrary code with the user's\n privileges. (CVE-2009-1570)\n\n Stefan Cornelius discovered that GIMP did not correctly handle certain\n malformed PSD files. If a user were tricked into opening a specially\n crafted PSD file, an attacker could execute arbitrary code with the user's\n privileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10.\n (CVE-2009-3909)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-880-1\";\ntag_affected = \"gimp vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-880-1/\");\n script_id(840362);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"880-1\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\");\n script_name(\"Ubuntu Update for gimp vulnerabilities USN-880-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp-dbg\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-dev\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-data\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-doc\", ver:\"2.6.6-0ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp-dbg\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-dev\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-data\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-doc\", ver:\"2.6.1-1ubuntu3.1\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp-dbg\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-gnomevfs\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-python\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-dev\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-libcurl\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-data\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-doc\", ver:\"2.4.5-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gimp-dbg\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-dev\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gimp-data\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgimp2.0-doc\", ver:\"2.6.7-1ubuntu1.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:55", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2010-04-30T00:00:00", "type": "openvas", "title": "Mandriva Update for gimp MDVSA-2009:332-1 (gimp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2009-1570"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:831022", "href": "http://plugins.openvas.org/nasl.php?oid=831022", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gimp MDVSA-2009:332-1 (gimp)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in gimp:\n\n Integer overflow in the read_channel_data function in\n plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers\n to execute arbitrary code via a crafted PSD file that triggers a\n heap-based buffer overflow (CVE-2009-3909).\n \n Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was\n incomplete, this update corrects this as well.\n \n This update provides a solution to this vulnerability.\n \n Update:\n \n Packages for 2009.0 are provided due to the Extended Maintenance\n Program.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gimp on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00054.php\");\n script_id(831022);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-30 14:39:22 +0200 (Fri, 30 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2009:332-1\");\n script_cve_id(\"CVE-2009-3909\", \"CVE-2009-1570\");\n script_name(\"Mandriva Update for gimp MDVSA-2009:332-1 (gimp)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.7~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:48", "description": "The remote host is missing an update to gimp\nannounced via advisory MDVSA-2009:296-1.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:296-1 (gimp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066494", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066494", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_296_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:296-1 (gimp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in gimp:\n\nInteger overflow in the ReadImage function in\nplug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers\nto execute arbitrary code via a BMP file with crafted width and height\nvalues that trigger a heap-based buffer overflow (CVE-2009-1570).\n\nThis update provides a solution to this vulnerability.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:296-1\nhttp://secunia.com/secunia_research/2009-42/\";\ntag_summary = \"The remote host is missing an update to gimp\nannounced via advisory MDVSA-2009:296-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66494\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-1570\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:296-1 (gimp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-23T13:05:57", "description": "Check for the Version of GIMP", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for GIMP 143511-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:1361412562310855839", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855839", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for GIMP 143511-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"GIMP on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n GIMP\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855839\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"143511-01\");\n script_cve_id(\"CVE-2009-1570\");\n script_name(\"Solaris Update for GIMP 143511-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-143511-01-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of GIMP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"143511-01\", package:\"SUNWgnome-img-editor\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:46", "description": "Check for the Version of GNOME 2.6.0", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for GNOME 2.6.0 143510-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:855805", "href": "http://plugins.openvas.org/nasl.php?oid=855805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for GNOME 2.6.0 143510-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"GNOME 2.6.0 on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n GNOME 2.6.0\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855805);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"143510-01\");\n script_cve_id(\"CVE-2009-1570\");\n script_name(\"Solaris Update for GNOME 2.6.0 143510-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-143510-01-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of GNOME 2.6.0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"143510-01\", package:\"SUNWgnome-img-editor\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:50", "description": "Check for the Version of GIMP", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for GIMP 143511-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:855839", "href": "http://plugins.openvas.org/nasl.php?oid=855839", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for GIMP 143511-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"GIMP on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n GIMP\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855839);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"143511-01\");\n script_cve_id(\"CVE-2009-1570\");\n script_name(\"Solaris Update for GIMP 143511-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-143511-01-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of GIMP\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"143511-01\", package:\"SUNWgnome-img-editor\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:17", "description": "Check for the Version of GNOME 2.6.0", "cvss3": {}, "published": "2010-02-03T00:00:00", "type": "openvas", "title": "Solaris Update for GNOME 2.6.0 143510-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:1361412562310855805", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310855805", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for GNOME 2.6.0 143510-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"GNOME 2.6.0 on solaris_5.10_sparc\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n GNOME 2.6.0\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.855805\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-03 13:24:57 +0100 (Wed, 03 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUNSolve\", value: \"143510-01\");\n script_cve_id(\"CVE-2009-1570\");\n script_name(\"Solaris Update for GNOME 2.6.0 143510-01\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-143510-01-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of GNOME 2.6.0\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"143510-01\", package:\"SUNWgnome-img-editor\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:17", "description": "The remote host is missing an update to gimp\nannounced via advisory MDVSA-2009:296-1.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:296-1 (gimp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66494", "href": "http://plugins.openvas.org/nasl.php?oid=66494", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_296_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:296-1 (gimp)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered and corrected in gimp:\n\nInteger overflow in the ReadImage function in\nplug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers\nto execute arbitrary code via a BMP file with crafted width and height\nvalues that trigger a heap-based buffer overflow (CVE-2009-1570).\n\nThis update provides a solution to this vulnerability.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:296-1\nhttp://secunia.com/secunia_research/2009-42/\";\ntag_summary = \"The remote host is missing an update to gimp\nannounced via advisory MDVSA-2009:296-1.\";\n\n \n\nif(description)\n{\n script_id(66494);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-1570\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:296-1 (gimp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gimp-python\", rpm:\"gimp-python~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimp2.0_0\", rpm:\"libgimp2.0_0~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimp2.0-devel\", rpm:\"libgimp2.0-devel~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gimp2.0_0\", rpm:\"lib64gimp2.0_0~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64gimp2.0-devel\", rpm:\"lib64gimp2.0-devel~2.4.0~0.rc2.3.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:51:17", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-23.", "cvss3": {}, "published": "2012-10-03T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201209-23 (gimp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2012-3402", "CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2011-2896", "CVE-2009-1570", "CVE-2012-2763"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:72457", "href": "http://plugins.openvas.org/nasl.php?oid=72457", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.\";\ntag_solution = \"All GIMP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/gimp-2.6.12-r2'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-23\nhttp://bugs.gentoo.org/show_bug.cgi?id=293127\nhttp://bugs.gentoo.org/show_bug.cgi?id=350915\nhttp://bugs.gentoo.org/show_bug.cgi?id=372975\nhttp://bugs.gentoo.org/show_bug.cgi?id=379289\nhttp://bugs.gentoo.org/show_bug.cgi?id=418425\nhttp://bugs.gentoo.org/show_bug.cgi?id=432582\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201209-23.\";\n\n \n \nif(description)\n{\n script_id(72457);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\", \"CVE-2011-2896\", \"CVE-2012-2763\", \"CVE-2012-3402\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-03 11:11:28 -0400 (Wed, 03 Oct 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-23 (gimp)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-gfx/gimp\", unaffected: make_list(\"ge 2.6.12-r2\"), vulnerable: make_list(\"lt 2.6.12-r2\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:57", "description": "The remote host is missing updates announced in\nadvisory GLSA 201209-23.", "cvss3": {}, "published": "2012-10-03T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201209-23 (gimp)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2012-3402", "CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2011-2896", "CVE-2009-1570", "CVE-2012-2763"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:136141256231072457", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072457", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201209_23.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72457\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2009-3909\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\", \"CVE-2011-2896\", \"CVE-2012-2763\", \"CVE-2012-3402\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-03 11:11:28 -0400 (Wed, 03 Oct 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201209-23 (gimp)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in GIMP, the worst of\n which allow execution of arbitrary code or Denial of Service.\");\n script_tag(name:\"solution\", value:\"All GIMP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/gimp-2.6.12-r2'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201209-23\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=293127\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=350915\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=372975\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=379289\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=418425\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=432582\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201209-23.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-gfx/gimp\", unaffected: make_list(\"ge 2.6.12-r2\"), vulnerable: make_list(\"lt 2.6.12-r2\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0837 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880489", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0837 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-June/017603.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880489\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0837\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"CentOS Update for gimp CESA-2011:0837 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"gimp on CentOS 4\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n\n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n\n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:53", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0837 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880489", "href": "http://plugins.openvas.org/nasl.php?oid=880489", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0837 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n \n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n \n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n \n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gimp on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017603.html\");\n script_id(880489);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0837\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"CentOS Update for gimp CESA-2011:0837 centos4 i386\");\n\n script_summary(\"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0837 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881260", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0837 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-June/017604.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881260\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:17 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0837\");\n script_name(\"CentOS Update for gimp CESA-2011:0837 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"gimp on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n\n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n\n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:55:17", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for gimp RHSA-2011:0837-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870437", "href": "http://plugins.openvas.org/nasl.php?oid=870437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gimp RHSA-2011:0837-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n \n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n \n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n \n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\n\ntag_affected = \"gimp on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00028.html\");\n script_id(870437);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0837-01\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"RedHat Update for gimp RHSA-2011:0837-01\");\n\n script_summary(\"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-debuginfo\", rpm:\"gimp-debuginfo~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:25", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0837 centos4 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:881260", "href": "http://plugins.openvas.org/nasl.php?oid=881260", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0837 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n \n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n \n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n \n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\n\ntag_affected = \"gimp on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-June/017604.html\");\n script_id(881260);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:13:17 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0837\");\n script_name(\"CentOS Update for gimp CESA-2011:0837 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for gimp RHSA-2011:0837-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gimp RHSA-2011:0837-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00028.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870437\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0837-01\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4541\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"RedHat Update for gimp RHSA-2011:0837-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"gimp on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n\n A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\n image filter. An attacker could create a specially-crafted Sphere Designer\n filter configuration file that, when opened, could cause the Sphere\n Designer plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2010-4541)\n\n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-debuginfo\", rpm:\"gimp-debuginfo~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.0.5~7.0.7.el4.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-08T12:58:17", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2012-08-21T00:00:00", "type": "openvas", "title": "RedHat Update for gimp RHSA-2012:1181-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3403", "CVE-2009-3909", "CVE-2012-3402", "CVE-2012-3481", "CVE-2011-2896"], "modified": "2018-01-08T00:00:00", "id": "OPENVAS:870809", "href": "http://plugins.openvas.org/nasl.php?oid=870809", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gimp RHSA-2012:1181-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n Multiple integer overflow flaws, leading to heap-based buffer overflows,\n were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An\n attacker could create a specially-crafted PSD image file that, when opened,\n could cause the PSD plug-in to crash or, potentially, execute arbitrary\n code with the privileges of the user running the GIMP. (CVE-2009-3909,\n CVE-2012-3402)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's GIF image format plug-in. An attacker could create a\n specially-crafted GIF image file that, when opened, could cause the GIF\n plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2012-3481)\n\n A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\n format plug-in. An attacker could create a specially-crafted KiSS palette\n file that, when opened, could cause the CEL plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2012-3403)\n\n Red Hat would like to thank Secunia Research for reporting CVE-2009-3909,\n and Matthias Weckbecker of the SUSE Security Team for reporting\n CVE-2012-3481.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\n\ntag_affected = \"gimp on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-August/msg00017.html\");\n script_id(870809);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-21 11:43:14 +0530 (Tue, 21 Aug 2012)\");\n script_cve_id(\"CVE-2009-3909\", \"CVE-2011-2896\", \"CVE-2012-3402\", \"CVE-2012-3403\", \"CVE-2012-3481\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2012:1181-01\");\n script_name(\"RedHat Update for gimp RHSA-2012:1181-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-debuginfo\", rpm:\"gimp-debuginfo~2.2.13~2.0.7.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:15", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2012-08-21T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2012:1181 centos5 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3403", "CVE-2009-3909", "CVE-2012-3402", "CVE-2012-3481", "CVE-2011-2896"], "modified": "2017-12-27T00:00:00", "id": "OPENVAS:881470", "href": "http://plugins.openvas.org/nasl.php?oid=881470", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2012:1181 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n Multiple integer overflow flaws, leading to heap-based buffer overflows,\n were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An\n attacker could create a specially-crafted PSD image file that, when opened,\n could cause the PSD plug-in to crash or, potentially, execute arbitrary\n code with the privileges of the user running the GIMP. (CVE-2009-3909,\n CVE-2012-3402)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's GIF image format plug-in. An attacker could create a\n specially-crafted GIF image file that, when opened, could cause the GIF\n plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2012-3481)\n \n A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\n decompression algorithm implementation used by the GIMP's GIF image format\n plug-in. An attacker could create a specially-crafted GIF image file that,\n when opened, could cause the GIF plug-in to crash or, potentially, execute\n arbitrary code with the privileges of the user running the GIMP.\n (CVE-2011-2896)\n \n A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\n format plug-in. An attacker could create a specially-crafted KiSS palette\n file that, when opened, could cause the CEL plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2012-3403)\n \n Red Hat would like to thank Secunia Research for reporting CVE-2009-3909,\n and Matthias Weckbecker of the SUSE Security Team for reporting\n CVE-2012-3481.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\n\ntag_affected = \"gimp on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-August/018809.html\");\n script_id(881470);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-21 11:44:31 +0530 (Tue, 21 Aug 2012)\");\n script_cve_id(\"CVE-2009-3909\", \"CVE-2011-2896\", \"CVE-2012-3402\", \"CVE-2012-3403\",\n \"CVE-2012-3481\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2012:1181\");\n script_name(\"CentOS Update for gimp CESA-2012:1181 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_8.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_8.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_8.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:30", "description": "Oracle Linux Local Security Checks ELSA-2012-1181", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-1181", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3403", "CVE-2009-3909", "CVE-2012-3402", "CVE-2012-3481", "CVE-2011-2896"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123843", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-1181.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123843\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:09:18 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-1181\");\n script_tag(name:\"insight\", value:\"ELSA-2012-1181 - gimp security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-1181\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-1181.html\");\n script_cve_id(\"CVE-2011-2896\", \"CVE-2009-3909\", \"CVE-2012-3402\", \"CVE-2012-3403\", \"CVE-2012-3481\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_8.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_8.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_8.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-21T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2012:1181 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3403", "CVE-2009-3909", "CVE-2012-3402", "CVE-2012-3481", "CVE-2011-2896"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881470", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881470", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2012:1181 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-August/018809.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881470\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-21 11:44:31 +0530 (Tue, 21 Aug 2012)\");\n script_cve_id(\"CVE-2009-3909\", \"CVE-2011-2896\", \"CVE-2012-3402\", \"CVE-2012-3403\",\n \"CVE-2012-3481\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2012:1181\");\n script_name(\"CentOS Update for gimp CESA-2012:1181 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"gimp on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n Multiple integer overflow flaws, leading to heap-based buffer overflows,\n were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An\n attacker could create a specially-crafted PSD image file that, when opened,\n could cause the PSD plug-in to crash or, potentially, execute arbitrary\n code with the privileges of the user running the GIMP. (CVE-2009-3909,\n CVE-2012-3402)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's GIF image format plug-in. An attacker could create a\n specially-crafted GIF image file that, when opened, could cause the GIF\n plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2012-3481)\n\n A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\n decompression algorithm implementation used by the GIMP's GIF image format\n plug-in. An attacker could create a specially-crafted GIF image file that,\n when opened, could cause the GIF plug-in to crash or, potentially, execute\n arbitrary code with the privileges of the user running the GIMP.\n (CVE-2011-2896)\n\n A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\n format plug-in. An attacker could create a specially-crafted KiSS palette\n file that, when opened, could cause the CEL plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2012-3403)\n\n Red Hat would like to thank Secunia Research for reporting CVE-2009-3909,\n and Matthias Weckbecker of the SUSE Security Team for reporting\n CVE-2012-3481.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_8.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_8.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_8.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-08-21T00:00:00", "type": "openvas", "title": "RedHat Update for gimp RHSA-2012:1181-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-3403", "CVE-2009-3909", "CVE-2012-3402", "CVE-2012-3481", "CVE-2011-2896"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870809", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870809", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gimp RHSA-2012:1181-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-August/msg00017.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870809\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-21 11:43:14 +0530 (Tue, 21 Aug 2012)\");\n script_cve_id(\"CVE-2009-3909\", \"CVE-2011-2896\", \"CVE-2012-3402\", \"CVE-2012-3403\", \"CVE-2012-3481\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2012:1181-01\");\n script_name(\"RedHat Update for gimp RHSA-2012:1181-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"gimp on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n Multiple integer overflow flaws, leading to heap-based buffer overflows,\n were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An\n attacker could create a specially-crafted PSD image file that, when opened,\n could cause the PSD plug-in to crash or, potentially, execute arbitrary\n code with the privileges of the user running the GIMP. (CVE-2009-3909,\n CVE-2012-3402)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's GIF image format plug-in. An attacker could create a\n specially-crafted GIF image file that, when opened, could cause the GIF\n plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2012-3481)\n\n A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\n format plug-in. An attacker could create a specially-crafted KiSS palette\n file that, when opened, could cause the CEL plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2012-3403)\n\n Red Hat would like to thank Secunia Research for reporting CVE-2009-3909,\n and Matthias Weckbecker of the SUSE Security Team for reporting\n CVE-2012-3481.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-debuginfo\", rpm:\"gimp-debuginfo~2.2.13~2.0.7.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_8.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:07:39", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0838 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2018-01-04T00:00:00", "id": "OPENVAS:881435", "href": "http://plugins.openvas.org/nasl.php?oid=881435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0838 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n \n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n \n A stack-based buffer overflow flaw was found in the GIMP's Lightning,\n Sphere Designer, and Gfig image filters. An attacker could create a\n specially-crafted Lightning, Sphere Designer, or Gfig filter configuration\n file that, when opened, could cause the relevant plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n \n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\n\ntag_affected = \"gimp on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017598.html\");\n script_id(881435);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:51:54 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\",\n \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0838\");\n script_name(\"CentOS Update for gimp CESA-2011:0838 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:32", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0838 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880522", "href": "http://plugins.openvas.org/nasl.php?oid=880522", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0838 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n \n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n \n A stack-based buffer overflow flaw was found in the GIMP's Lightning,\n Sphere Designer, and Gfig image filters. An attacker could create a\n specially-crafted Lightning, Sphere Designer, or Gfig filter configuration\n file that, when opened, could cause the relevant plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n \n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gimp on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017597.html\");\n script_id(880522);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:0838\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"CentOS Update for gimp CESA-2011:0838 centos5 i386\");\n\n script_summary(\"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:33", "description": "Check for the Version of gimp", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for gimp RHSA-2011:0838-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870438", "href": "http://plugins.openvas.org/nasl.php?oid=870438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gimp RHSA-2011:0838-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n \n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n \n A stack-based buffer overflow flaw was found in the GIMP's Lightning,\n Sphere Designer, and Gfig image filters. An attacker could create a\n specially-crafted Lightning, Sphere Designer, or Gfig filter configuration\n file that, when opened, could cause the relevant plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n \n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n \n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\";\n\ntag_affected = \"gimp on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00029.html\");\n script_id(870438);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:0838-01\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"RedHat Update for gimp RHSA-2011:0838-01\");\n\n script_summary(\"Check for the Version of gimp\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-debuginfo\", rpm:\"gimp-debuginfo~2.2.13~2.0.7.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:41", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0838 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880522", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880522", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0838 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-May/017597.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880522\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0838\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"CentOS Update for gimp CESA-2011:0838 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"gimp on CentOS 5\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n\n A stack-based buffer overflow flaw was found in the GIMP's Lightning,\n Sphere Designer, and Gfig image filters. An attacker could create a\n specially-crafted Lightning, Sphere Designer, or Gfig filter configuration\n file that, when opened, could cause the relevant plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for gimp CESA-2011:0838 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881435", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gimp CESA-2011:0838 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-May/017598.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881435\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:51:54 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\",\n \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:0838\");\n script_name(\"CentOS Update for gimp CESA-2011:0838 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"gimp on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n\n A stack-based buffer overflow flaw was found in the GIMP's Lightning,\n Sphere Designer, and Gfig image filters. An attacker could create a\n specially-crafted Lightning, Sphere Designer, or Gfig filter configuration\n file that, when opened, could cause the relevant plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_6.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:56", "description": "Oracle Linux Local Security Checks ELSA-2011-0838", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0838", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0838.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122157\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:00 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0838\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0838 - gimp security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0838\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0838.html\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_6.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_6.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_6.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for gimp RHSA-2011:0838-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870438", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870438", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gimp RHSA-2011:0838-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00029.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870438\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-06-06 16:56:27 +0200 (Mon, 06 Jun 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:0838-01\");\n script_cve_id(\"CVE-2009-1570\", \"CVE-2010-4540\", \"CVE-2010-4541\", \"CVE-2010-4542\", \"CVE-2010-4543\", \"CVE-2011-1178\");\n script_name(\"RedHat Update for gimp RHSA-2011:0838-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gimp'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"gimp on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The GIMP (GNU Image Manipulation Program) is an image composition and\n editing program.\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\n eXchange (PCX) image file plug-ins. An attacker could create a\n specially-crafted BMP or PCX image file that, when opened, could cause the\n relevant plug-in to crash or, potentially, execute arbitrary code with the\n privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\n A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n (PSP) image file plug-in. An attacker could create a specially-crafted PSP\n image file that, when opened, could cause the PSP plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4543)\n\n A stack-based buffer overflow flaw was found in the GIMP's Lightning,\n Sphere Designer, and Gfig image filters. An attacker could create a\n specially-crafted Lightning, Sphere Designer, or Gfig filter configuration\n file that, when opened, could cause the relevant plug-in to crash or,\n potentially, execute arbitrary code with the privileges of the user running\n the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\n Red Hat would like to thank Stefan Cornelius of Secunia Research for\n responsibly reporting the CVE-2009-1570 flaw.\n\n Users of the GIMP are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. The GIMP must be\n restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"gimp\", rpm:\"gimp~2.2.13~2.0.7.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-debuginfo\", rpm:\"gimp-debuginfo~2.2.13~2.0.7.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-devel\", rpm:\"gimp-devel~2.2.13~2.0.7.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gimp-libs\", rpm:\"gimp-libs~2.2.13~2.0.7.el5_6.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:12", "description": "The remote host is missing an update to poppler\nannounced via advisory DSA 1941-1.", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1941-1 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3909", "CVE-2009-3607", "CVE-2009-3903", "CVE-2009-3904", "CVE-2009-3606", "CVE-2009-0755", "CVE-2009-3938", "CVE-2009-3905"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066332", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066332", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1941_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1941-1 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several integer overflows, buffer overflows and memory allocation\nerrors were discovered in the Poppler PDF rendering library, which may\nlead to denial of service or the execution of arbitrary code if a user\nis tricked into opening a malformed PDF document.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.7-3.\n\nAn update for the old stable distribution (etch) will be issued soon as\nversion 0.4.5-5.1etch4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your poppler packages.\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory DSA 1941-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201941-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66332\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-3607\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-0755\", \"CVE-2009-3904\", \"CVE-2009-3905\", \"CVE-2009-3903\", \"CVE-2009-3938\", \"CVE-2009-3909\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1941-1 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt2\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib3\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-3\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler3\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-dbg\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:05", "description": "The remote host is missing an update to poppler\nannounced via advisory DSA 1941-1.", "cvss3": {}, "published": "2009-12-03T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1941-1 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3909", "CVE-2009-3607", "CVE-2009-3903", "CVE-2009-3904", "CVE-2009-3606", "CVE-2009-0755", "CVE-2009-3938", "CVE-2009-3905"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:66332", "href": "http://plugins.openvas.org/nasl.php?oid=66332", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1941_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1941-1 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several integer overflows, buffer overflows and memory allocation\nerrors were discovered in the Poppler PDF rendering library, which may\nlead to denial of service or the execution of arbitrary code if a user\nis tricked into opening a malformed PDF document.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.7-3.\n\nAn update for the old stable distribution (etch) will be issued soon as\nversion 0.4.5-5.1etch4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your poppler packages.\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory DSA 1941-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201941-1\";\n\n\nif(description)\n{\n script_id(66332);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009)\");\n script_cve_id(\"CVE-2009-3607\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-0755\", \"CVE-2009-3904\", \"CVE-2009-3905\", \"CVE-2009-3903\", \"CVE-2009-3938\", \"CVE-2009-3909\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1941-1 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt-dev\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt2\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib3\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-qt4-3\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler3\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"poppler-dbg\", ver:\"0.8.7-3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2022-01-04T13:22:53", "description": "Stefan Cornelius discovered that GIMP did not correctly handle certain \nmalformed BMP files. If a user were tricked into opening a specially \ncrafted BMP file, an attacker could execute arbitrary code with the user's \nprivileges. (CVE-2009-1570)\n\nStefan Cornelius discovered that GIMP did not correctly handle certain \nmalformed PSD files. If a user were tricked into opening a specially \ncrafted PSD file, an attacker could execute arbitrary code with the user's \nprivileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10. \n(CVE-2009-3909)\n", "cvss3": {}, "published": "2010-01-07T00:00:00", "type": "ubuntu", "title": "GIMP vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3909", "CVE-2009-1570"], "modified": "2010-01-07T00:00:00", "id": "USN-880-1", "href": "https://ubuntu.com/security/notices/USN-880-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "slackware": [{"lastseen": "2021-07-28T14:46:33", "description": "New gimp packages are available for Slackware 12.1, 12.2, 13.0, and -current to\nfix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/gimp-2.6.8-i486-1_slack13.0.txz: Upgraded.\n This fixes integer overflows in the image handling plugins that could\n lead to the execution of arbitrary code or an application crash if a\n malicious image is loaded.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3909\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/gimp-2.4.7-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/gimp-2.4.7-i486-2_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gimp-2.6.8-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gimp-2.6.8-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gimp-2.6.8-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/gimp-2.6.8-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.1 package:\n1f4e02babc22fb6ac3fc84b1c118d72b gimp-2.4.7-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nb7c63449db64c9d1511b2080d323ed49 gimp-2.4.7-i486-2_slack12.2.tgz\n\nSlackware 13.0 package:\nb1921dfa3606ebc2ebc19a62e509dc71 gimp-2.6.8-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n0a9592c74c7de560c572e74345677343 gimp-2.6.8-x86_64-1_slack13.0.txz\n\nSlackware -current package:\nfcf74c662164e4d9e2f1040e8d2520c6 gimp-2.6.8-i486-1.txz\n\nSlackware x86_64 -current package:\n35afac41e102725a4d10ece7e7d93366 gimp-2.6.8-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gimp-2.6.8-i486-1_slack13.0.txz", "cvss3": {}, "published": "2009-12-12T06:36:49", "type": "slackware", "title": "[slackware-security] gimp", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909"], "modified": "2009-12-12T06:36:49", "id": "SSA-2009-345-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433860", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:34", "description": "Integer overflow on .BPM, .PSD files parsing.", "edition": 1, "cvss3": {}, "published": "2009-11-17T00:00:00", "title": "GIMP integer overflow", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-3909", "CVE-2009-1570"], "modified": "2009-11-17T00:00:00", "id": "SECURITYVULNS:VULN:10403", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10403", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:32", "description": "======================================================================\r\n\r\n Secunia Research 17/11/2009\r\n\r\n - Gimp PSD Image Parsing Integer Overflow Vulnerability -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor&#39;s Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1&#41; Affected Software \r\n\r\n* Gimp 2.6.7\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2&#41; Severity \r\n\r\nRating: Moderately Critical\r\nImpact: System Access\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3&#41; Vendor&#39;s Description of Software \r\n\r\n&quot;GIMP is the GNU Image Manipulation Program. It is a freely \r\ndistributed piece of software for such tasks as photo retouching,\r\nimage composition and image authoring. It works on many operating\r\nsystems, in many languages.&quot;.\r\n\r\nProduct Link:\r\nhttp://www.gimp.org/\r\n\r\n====================================================================== \r\n4&#41; Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Gimp, which can be \r\nexploited by malicious people to potentially compromise a user&#39;s\r\nsystem.\r\n\r\nThe vulnerability is caused by an integer overflow error within the\r\n&quot;read_channel_data&#40;&#41;&quot; function in plug-ins/file-psd/psd-load.c. This\r\ncan be exploited to cause a heap-based buffer overflow by e.g.\r\ntricking a user into opening a specially crafted PSD file.\r\n\r\n====================================================================== \r\n5&#41; Solution \r\n\r\nFixed in the GIT repository.\r\n\r\n====================================================================== \r\n6&#41; Time Table \r\n\r\n04/11/2009 - Vendor notified.\r\n12/11/2009 - Second attempt to contact vendor. Also notified\r\n vendor-sec mailing list.\r\n13/11/2009 - Vendor response.\r\n17/11/2009 - Public disclosure.\r\n\r\n====================================================================== \r\n7&#41; Credits \r\n\r\nDiscovered by Stefan Cornelius, Secunia Research.\r\n\r\n====================================================================== \r\n8&#41; References\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned \r\nCVE-2009-3909 for the vulnerability.\r\n\r\n====================================================================== \r\n9&#41; About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10&#41; Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2009-43/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "cvss3": {}, "published": "2009-11-17T00:00:00", "title": "Secunia Research: Gimp PSD Image Parsing Integer Overflow Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-3909"], "modified": "2009-11-17T00:00:00", "id": "SECURITYVULNS:DOC:22797", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22797", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:32", "description": "====================================================================== \r\n\r\n Secunia Research 12/11/2009\r\n\r\n - Gimp BMP Image Parsing Integer Overflow Vulnerability -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor&#39;s Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1&#41; Affected Software \r\n\r\n* Gimp 2.6.7\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2&#41; Severity \r\n\r\nRating: Moderately Critical\r\nImpact: System Access\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3&#41; Vendor&#39;s Description of Software \r\n\r\n&quot;GIMP is the GNU Image Manipulation Program. It is a freely\r\ndistributed piece of software for such tasks as photo retouching,\r\nimage composition and image authoring. It works on many operating \r\nsystems, in many languages.&quot;.\r\n\r\nProduct Link:\r\nhttp://www.gimp.org/\r\n\r\n====================================================================== \r\n4&#41; Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Gimp, which can be\r\nexploited by malicious people to potentially compromise a user&#39;s \r\nsystem.\r\n\r\nThe vulnerability is caused by an integer overflow error within the\r\n&quot;ReadImage&#40;&#41;&quot; function in plug-ins/file-bmp/bmp-read.c. This can be\r\nexploited to cause a heap-based buffer overflow by e.g. tricking a\r\nuser into opening a specially crafted BMP file.\r\n\r\n====================================================================== \r\n5&#41; Solution \r\n\r\nFixed in the GIT repository.\r\n\r\n====================================================================== \r\n6&#41; Time Table \r\n\r\n02/11/2009 - Vendor notified.\r\n02/11/2009 - Vendor response.\r\n09/11-2009 - Fixed in the GIT repository.\r\n12/11/2009 - Public disclosure.\r\n\r\n====================================================================== \r\n7&#41; Credits \r\n\r\nDiscovered by Stefan Cornelius, Secunia Research.\r\n\r\n====================================================================== \r\n8&#41; References\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned \r\nCVE-2009-1570 for the vulnerability.\r\n\r\n====================================================================== \r\n9&#41; About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10&#41; Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2009-42/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "cvss3": {}, "published": "2009-11-13T00:00:00", "title": "Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2009-11-13T00:00:00", "id": "SECURITYVULNS:DOC:22790", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22790", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2022-03-23T21:36:44", "description": "Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.", "cvss3": {}, "published": "2009-11-19T00:30:00", "type": "cve", "title": "CVE-2009-3909", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3909"], "modified": "2022-02-07T17:53:00", "cpe": ["cpe:/a:gimp:gimp:2.6.7"], "id": "CVE-2009-3909", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3909", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gimp:gimp:2.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:26:40", "description": "Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.", "cvss3": {}, "published": "2009-11-13T15:30:00", "type": "cve", "title": "CVE-2009-1570", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1570"], "modified": "2022-02-07T17:54:00", "cpe": ["cpe:/a:gimp:gimp:2.6.7"], "id": "CVE-2009-1570", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1570", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gimp:gimp:2.6.7:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:36:21", "description": "Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909.", "cvss3": {}, "published": "2012-08-25T10:29:00", "type": "cve", "title": "CVE-2012-3402", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3909", "CVE-2012-3402"], "modified": "2022-02-07T18:45:00", "cpe": ["cpe:/a:gimp:gimp:2.2.13"], "id": "CVE-2012-3402", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3402", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gimp:gimp:2.2.13:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2021-11-22T21:59:11", "description": "Integer overflow in the read_channel_data function in\nplug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to\nexecute arbitrary code via a crafted PSD file that triggers a heap-based\nbuffer overflow.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556750>\n", "cvss3": {}, "published": "2009-11-18T00:00:00", "type": "ubuntucve", "title": "CVE-2009-3909", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3909"], "modified": "2009-11-18T00:00:00", "id": "UB:CVE-2009-3909", "href": "https://ubuntu.com/security/CVE-2009-3909", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-22T21:59:12", "description": "Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c\nin GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a\nBMP file with crafted width and height values that trigger a heap-based\nbuffer overflow.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555929>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1570>\n", "cvss3": {}, "published": "2009-11-13T00:00:00", "type": "ubuntucve", "title": "CVE-2009-1570", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1570"], "modified": "2009-11-13T00:00:00", "id": "UB:CVE-2009-1570", "href": "https://ubuntu.com/security/CVE-2009-1570", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:29:43", "description": "BUGTRAQ ID: 37040\r\nCVE(CAN) ID: CVE-2009-3909\r\n\r\nGIMP\u662fGNU Image Manipulation Program\uff08GNU\u56fe\u50cf\u5904\u7406\u7a0b\u5e8f\uff09\u7684\u7f29\u5199\uff0c\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u56fe\u50cf\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nGIMP\u7684plug-ins/file-psd/psd-load.c\u6587\u4ef6\u4e2d\u7684read_channel_data()\u51fd\u6570\u5b58\u5728\u6700\u7ec8\u53ef\u5bfc\u81f4\u5806\u6ea2\u51fa\u7684\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u6076\u610f\u7684PSD\u6587\u4ef6\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nGIMP 2.6.7\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGIMP\r\n----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://git.gnome.org/cgit/gimp/commit/?id=0e440cb6d4d6ee029667363d244aff61b154c33c\r\nhttp://git.gnome.org/cgit/gimp/commit/?id=9cc8d78ff33b7a36852b74e64b427489cad44d0e", "cvss3": {}, "published": "2009-11-23T00:00:00", "type": "seebug", "title": "GIMP PSD\u56fe\u5f62\u89e3\u6790\u6574\u6570\u6ea2\u51fa\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-3909"], "modified": "2009-11-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-14960", "id": "SSV:14960", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:30:17", "description": "BUGTRAQ ID: 37006\r\nCVE ID: CVE-2009-1570\r\n\r\nGIMP\u662fGNU Image Manipulation Program\uff08GNU\u56fe\u50cf\u5904\u7406\u7a0b\u5e8f\uff09\u7684\u7f29\u5199\uff0c\u662f\u4e00\u6b3e\u8de8\u5e73\u53f0\u7684\u56fe\u50cf\u5904\u7406\u8f6f\u4ef6\u3002\r\n\r\nGIMP\u7684plug-ins/file-bmp/bmp-read.c\u6587\u4ef6\u4e2d\u7684ReadImage()\u51fd\u6570\u5b58\u5728\u6700\u7ec8\u53ef\u5bfc\u81f4\u5806\u6ea2\u51fa\u7684\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u7279\u5236\u7684BMP\u6587\u4ef6\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nGIMP 2.6.7\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nGIMP\r\n----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://git.gnome.org/cgit/gimp/commit/?id=e3afc99b2fa7aeddf0dba4778663160a5bc682d3", "cvss3": {}, "published": "2009-11-13T00:00:00", "type": "seebug", "title": "GIMP BMP\u56fe\u5f62\u89e3\u6790\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-1570"], "modified": "2009-11-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12629", "id": "SSV:12629", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debiancve": [{"lastseen": "2022-07-04T05:59:02", "description": "Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.", "cvss3": {}, "published": "2009-11-19T00:30:00", "type": "debiancve", "title": "CVE-2009-3909", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3909"], "modified": "2009-11-19T00:30:00", "id": "DEBIANCVE:CVE-2009-3909", "href": "https://security-tracker.debian.org/tracker/CVE-2009-3909", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T05:59:02", "description": "Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.", "cvss3": {}, "published": "2009-11-13T15:30:00", "type": "debiancve", "title": "CVE-2009-1570", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1570"], "modified": "2009-11-13T15:30:00", "id": "DEBIANCVE:CVE-2009-1570", "href": "https://security-tracker.debian.org/tracker/CVE-2009-1570", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T05:59:02", "description": "Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909.", "cvss3": {}, "published": "2012-08-25T10:29:00", "type": "debiancve", "title": "CVE-2012-3402", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3909", "CVE-2012-3402"], "modified": "2012-08-25T10:29:00", "id": "DEBIANCVE:CVE-2012-3402", "href": "https://security-tracker.debian.org/tracker/CVE-2012-3402", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:12:16", "description": "### Background\n\nGIMP is the GNU Image Manipulation Program.\n\n### Description\n\nMultiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GIMP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/gimp-2.6.12-r2\"", "cvss3": {}, "published": "2012-09-28T00:00:00", "type": "gentoo", "title": "GIMP: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1570", "CVE-2009-3909", "CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1178", "CVE-2011-2896", "CVE-2012-2763", "CVE-2012-3402"], "modified": "2012-09-28T00:00:00", "id": "GLSA-201209-23", "href": "https://security.gentoo.org/glsa/201209-23", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:44:56", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\neXchange (PCX) image file plug-ins. An attacker could create a\nspecially-crafted BMP or PCX image file that, when opened, could cause the\nrelevant plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n(PSP) image file plug-in. An attacker could create a specially-crafted PSP\nimage file that, when opened, could cause the PSP plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\nimage filter. An attacker could create a specially-crafted Sphere Designer\nfilter configuration file that, when opened, could cause the Sphere\nDesigner plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n", "cvss3": {}, "published": "2011-05-31T00:00:00", "type": "redhat", "title": "(RHSA-2011:0837) Moderate: gimp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1570", "CVE-2010-4541", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2017-09-08T07:51:30", "id": "RHSA-2011:0837", "href": "https://access.redhat.com/errata/RHSA-2011:0837", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:43:12", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An\nattacker could create a specially-crafted PSD image file that, when opened,\ncould cause the PSD plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-3909,\nCVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create a\nspecially-crafted GIF image file that, when opened, could cause the GIF\nplug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\ndecompression algorithm implementation used by the GIMP's GIF image format\nplug-in. An attacker could create a specially-crafted GIF image file that,\nwhen opened, could cause the GIF plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\nformat plug-in. An attacker could create a specially-crafted KiSS palette\nfile that, when opened, could cause the CEL plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting CVE-2009-3909,\nand Matthias Weckbecker of the SUSE Security Team for reporting\nCVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n", "cvss3": {}, "published": "2012-08-20T00:00:00", "type": "redhat", "title": "(RHSA-2012:1181) Moderate: gimp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481"], "modified": "2017-09-08T07:54:15", "id": "RHSA-2012:1181", "href": "https://access.redhat.com/errata/RHSA-2012:1181", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:44:40", "description": "The GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\neXchange (PCX) image file plug-ins. An attacker could create a\nspecially-crafted BMP or PCX image file that, when opened, could cause the\nrelevant plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n(PSP) image file plug-in. An attacker could create a specially-crafted PSP\nimage file that, when opened, could cause the PSP plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning,\nSphere Designer, and Gfig image filters. An attacker could create a\nspecially-crafted Lightning, Sphere Designer, or Gfig filter configuration\nfile that, when opened, could cause the relevant plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n", "cvss3": {}, "published": "2011-05-31T00:00:00", "type": "redhat", "title": "(RHSA-2011:0838) Moderate: gimp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1570", "CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2017-09-08T07:53:46", "id": "RHSA-2011:0838", "href": "https://access.redhat.com/errata/RHSA-2011:0838", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:56:53", "description": "**CentOS Errata and Security Advisory** CESA-2011:0837\n\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\neXchange (PCX) image file plug-ins. An attacker could create a\nspecially-crafted BMP or PCX image file that, when opened, could cause the\nrelevant plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n(PSP) image file plug-in. An attacker could create a specially-crafted PSP\nimage file that, when opened, could cause the PSP plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Sphere Designer\nimage filter. An attacker could create a specially-crafted Sphere Designer\nfilter configuration file that, when opened, could cause the Sphere\nDesigner plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2010-4541)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-June/054522.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-June/054523.html\n\n**Affected packages:**\ngimp\ngimp-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:0837", "cvss3": {}, "published": "2011-06-01T12:26:39", "type": "centos", "title": "gimp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1570", "CVE-2010-4541", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2011-06-01T12:27:19", "id": "CESA-2011:0837", "href": "https://lists.centos.org/pipermail/centos-announce/2011-June/054522.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T11:55:26", "description": "**CentOS Errata and Security Advisory** CESA-2012:1181\n\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nMultiple integer overflow flaws, leading to heap-based buffer overflows,\nwere found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An\nattacker could create a specially-crafted PSD image file that, when opened,\ncould cause the PSD plug-in to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the GIMP. (CVE-2009-3909,\nCVE-2012-3402)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's GIF image format plug-in. An attacker could create a\nspecially-crafted GIF image file that, when opened, could cause the GIF\nplug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2012-3481)\n\nA heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)\ndecompression algorithm implementation used by the GIMP's GIF image format\nplug-in. An attacker could create a specially-crafted GIF image file that,\nwhen opened, could cause the GIF plug-in to crash or, potentially, execute\narbitrary code with the privileges of the user running the GIMP.\n(CVE-2011-2896)\n\nA heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file\nformat plug-in. An attacker could create a specially-crafted KiSS palette\nfile that, when opened, could cause the CEL plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2012-3403)\n\nRed Hat would like to thank Secunia Research for reporting CVE-2009-3909,\nand Matthias Weckbecker of the SUSE Security Team for reporting\nCVE-2012-3481.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2012-August/055728.html\n\n**Affected packages:**\ngimp\ngimp-devel\ngimp-libs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2012:1181", "cvss3": {}, "published": "2012-08-20T15:14:54", "type": "centos", "title": "gimp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481"], "modified": "2012-08-20T15:14:54", "id": "CESA-2012:1181", "href": "https://lists.centos.org/pipermail/centos-announce/2012-August/055728.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T11:56:59", "description": "**CentOS Errata and Security Advisory** CESA-2011:0838\n\n\nThe GIMP (GNU Image Manipulation Program) is an image composition and\nediting program.\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer\neXchange (PCX) image file plug-ins. An attacker could create a\nspecially-crafted BMP or PCX image file that, when opened, could cause the\nrelevant plug-in to crash or, potentially, execute arbitrary code with the\nprivileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)\n\nA heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro\n(PSP) image file plug-in. An attacker could create a specially-crafted PSP\nimage file that, when opened, could cause the PSP plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4543)\n\nA stack-based buffer overflow flaw was found in the GIMP's Lightning,\nSphere Designer, and Gfig image filters. An attacker could create a\nspecially-crafted Lightning, Sphere Designer, or Gfig filter configuration\nfile that, when opened, could cause the relevant plug-in to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nthe GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)\n\nRed Hat would like to thank Stefan Cornelius of Secunia Research for\nresponsibly reporting the CVE-2009-1570 flaw.\n\nUsers of the GIMP are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The GIMP must be\nrestarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2011-May/054516.html\nhttps://lists.centos.org/pipermail/centos-announce/2011-May/054517.html\n\n**Affected packages:**\ngimp\ngimp-devel\ngimp-libs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2011:0838", "cvss3": {}, "published": "2011-05-31T17:02:44", "type": "centos", "title": "gimp security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1570", "CVE-2010-4540", "CVE-2010-4541", "CVE-2010-4542", "CVE-2010-4543", "CVE-2011-1178"], "modified": "2011-05-31T17:02:44", "id": "CESA-2011:0838", "href": "https://lists.centos.org/pipermail/centos-announce/2011-May/054516.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:39", "description": "[2.0.5-7.0.7.el4.1]\n- unfuzz validate-size-values patch\n- don't use Prereq\n- fix various overflows (#537356, #689831, #703403, #703407, #704512)", "cvss3": {}, "published": "2011-05-31T00:00:00", "type": "oraclelinux", "title": "gimp security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2011-1178", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2011-05-31T00:00:00", "id": "ELSA-2011-0837", "href": "http://linux.oracle.com/errata/ELSA-2011-0837.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:02", "description": "[2:2.2.13-2.0.7.el5_8.5]\n- fix overflow in GIF loader (CVE-2012-3481)\n[2:2.2.13-2.0.7.el5_8.4]\n- fix overflows in PSD plugin (CVE-2009-3909, CVE-2012-3402)\n- fix heap corruption and overflow in GIF plug-in (CVE-2011-2896)\n- fix overflow in CEL plug-in (CVE-2012-3403)", "cvss3": {}, "published": "2012-08-20T00:00:00", "type": "oraclelinux", "title": "gimp security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-3403", "CVE-2009-3909", "CVE-2012-3402", "CVE-2012-3481", "CVE-2011-2896"], "modified": "2012-08-20T00:00:00", "id": "ELSA-2012-1181", "href": "http://linux.oracle.com/errata/ELSA-2012-1181.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:08", "description": "[2:2.2.13-2.0.7.2]\n- fix various overflows (#537356, #666793, #689831, #703403, #703405, #703407,\n - unfuzz gimphelpmissing, icontheme patches", "cvss3": {}, "published": "2011-05-31T00:00:00", "type": "oraclelinux", "title": "gimp security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2010-4541", "CVE-2010-4542", "CVE-2011-1178", "CVE-2010-4540", "CVE-2010-4543", "CVE-2009-1570"], "modified": "2011-05-31T00:00:00", "id": "ELSA-2011-0838", "href": "http://linux.oracle.com/errata/ELSA-2011-0838.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-22T00:46:31", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1941-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nNovember 25, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : poppler\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-0755 CVE-2009-3903 CVE-2009-3904 CVE-2009-3905 CVE-2009-3906 CVE-2009-3907 CVE-2009-3908 CVE-2009-3909 CVE-2009-3938\n\nSeveral integer overflows, buffer overflows and memory allocation\nerrors were discovered in the Poppler PDF rendering library, which may\nlead to denial of service or the execution of arbitrary code if a user\nis tricked into opening a malformed PDF document.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.7-3.\n\nAn update for the old stable distribution (etch) will be issued soon as\nversion 0.4.5-5.1etch4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your poppler packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7.orig.tar.gz\n Size/MD5 checksum: 1469587 9af81429d6f8639c357a5eed25583365\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-3.diff.gz\n Size/MD5 checksum: 23304 55a0a858e65401534120b10b08c62256\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-3.dsc\n Size/MD5 checksum: 1481 4e0f8c954b0f7072d868b03da79799c7\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_alpha.deb\n Size/MD5 checksum: 1334790 adc6ceeb368e0d4feebdf8163e2281e4\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_alpha.deb\n Size/MD5 checksum: 196974 20d4df914f08ed2ccef0859dadcff863\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_alpha.deb\n Size/MD5 checksum: 234664 f330cdb0bf1ee9001edb92677ff2d94d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_alpha.deb\n Size/MD5 checksum: 180372 701c9f92558359ec676ac7ed8c402abc\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_alpha.deb\n Size/MD5 checksum: 220194 74703001f5c2588a415a53e0e61db107\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_alpha.deb\n Size/MD5 checksum: 452496 45ec03d58a9b33c941625d29ea726514\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_alpha.deb\n Size/MD5 checksum: 329740 9b5b796f66136fccdd68ee2fb4410239\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_alpha.deb\n Size/MD5 checksum: 891178 06d13d1837a263952327b5e1910bb049\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_alpha.deb\n Size/MD5 checksum: 302962 343524216b65fad03cf7292183ad4760\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_alpha.deb\n Size/MD5 checksum: 3204196 077162dc4649e5e4e8e049e72ab2421c\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_amd64.deb\n Size/MD5 checksum: 232070 24aa1dea8c17e539aacc23f5ca2ff683\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_amd64.deb\n Size/MD5 checksum: 358464 8b52ef334b17065d7355c1f944407e3f\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_amd64.deb\n Size/MD5 checksum: 3148528 fdaa186b15cd2ff806d3e69f9924b792\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_amd64.deb\n Size/MD5 checksum: 178226 4b9ae48661be12327e3dc8f79f6cbd5f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_amd64.deb\n Size/MD5 checksum: 840192 690949b3a40aa59f1b2952cd48dea805\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_amd64.deb\n Size/MD5 checksum: 1118416 34453c3ec346cc34b4ef94774d9bd975\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_amd64.deb\n Size/MD5 checksum: 184820 3fc994f62c6e4f5c5615e48b5591574c\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_amd64.deb\n Size/MD5 checksum: 313712 2f16ec788446b18a6ce0313ff233552b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_amd64.deb\n Size/MD5 checksum: 217370 51b12c5a9b716bef3cd8a5d29b4ac652\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_amd64.deb\n Size/MD5 checksum: 274990 0f168bd7e2f0f201c4f1b5436c252987\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_arm.deb\n Size/MD5 checksum: 1096672 01910f32db12361cf60f109f986f1324\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_arm.deb\n Size/MD5 checksum: 341724 4795d7bae33531c80bb14fc51e8c9952\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_arm.deb\n Size/MD5 checksum: 226514 2d2f7ab236403d3a7040aa09e7832b1c\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_arm.deb\n Size/MD5 checksum: 389880 8a6b100417108055bf4dc1d40d77fa8b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_arm.deb\n Size/MD5 checksum: 208128 7fad0af4bd923fc218c4ed6a9aee0a48\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_arm.deb\n Size/MD5 checksum: 807458 2e631c2cdbf34f7847d9106adca8d6c6\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_arm.deb\n Size/MD5 checksum: 3115760 99c003b02687fe4caeae077cc58cc00d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_arm.deb\n Size/MD5 checksum: 178000 6e68b3d42d47efabb7f1712862103d20\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_arm.deb\n Size/MD5 checksum: 184604 1066c02c90002b2b69350619738963c3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_arm.deb\n Size/MD5 checksum: 270488 703a85948bb11c02d0e3b86237e7455d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_armel.deb\n Size/MD5 checksum: 207820 8098dd11c17d88a38f02eb38a7e48df8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_armel.deb\n Size/MD5 checksum: 376028 ff27722643819e5693823193cc6749ea\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_armel.deb\n Size/MD5 checksum: 273904 8077b3f075149e533852a8c24467def9\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_armel.deb\n Size/MD5 checksum: 222166 0864461cfc76015274da63192778e1f2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_armel.deb\n Size/MD5 checksum: 776950 f34caa24fb31c36ab32162315d706a17\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_armel.deb\n Size/MD5 checksum: 1108574 de0fe0a522dc1eb18db681b9a96ee089\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_armel.deb\n Size/MD5 checksum: 181564 a6d91d3f6ae1f43e450264bdad083e04\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_armel.deb\n Size/MD5 checksum: 174198 d1bd20388d59831b8aa6b0a9dfe9a537\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_armel.deb\n Size/MD5 checksum: 3157178 52340e4305b95a6b6f8e07cef9c94647\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_armel.deb\n Size/MD5 checksum: 310682 ff8775a24d86a006b4bdee549095a543\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_hppa.deb\n Size/MD5 checksum: 291400 18dc7b5a55715f920734a0c9080bb8e4\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_hppa.deb\n Size/MD5 checksum: 188042 3c054ee2136540e9c378d03f032900e2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_hppa.deb\n Size/MD5 checksum: 929630 70bfae8d06c8b9654a09d1cd8ffb442c\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_hppa.deb\n Size/MD5 checksum: 335326 32e7009057d2213232e4eab347ad6082\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_hppa.deb\n Size/MD5 checksum: 180650 5756cb5df58f9bded9ddd34fe17fb6a0\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_hppa.deb\n Size/MD5 checksum: 3140906 8f80e2f2f99c1021d1167ed432480914\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_hppa.deb\n Size/MD5 checksum: 234754 42029ce3bfc33844b96140c438358993\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_hppa.deb\n Size/MD5 checksum: 390020 984a6eb8add88e15cf1b0b749ffb5686\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_hppa.deb\n Size/MD5 checksum: 1260894 092507febedac1f845b542b5da11820c\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_hppa.deb\n Size/MD5 checksum: 225948 da2eabf0c906824a1ae02b95cdc97a8f\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_i386.deb\n Size/MD5 checksum: 270290 c8e64a55fbeae9dec7382d7ffc4860d7\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_i386.deb\n Size/MD5 checksum: 181818 7790ec0d1b045bac5ad8acf5b273d322\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_i386.deb\n Size/MD5 checksum: 226530 012aaf45768ca8ca22a6d13073b0011c\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_i386.deb\n Size/MD5 checksum: 312708 0858c85c7bb2627f97e312caa7ac080b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_i386.deb\n Size/MD5 checksum: 344388 d5146377e2679555858662b0ee9a904b\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_i386.deb\n Size/MD5 checksum: 3061938 2ec5991343c3b279641beee69d0253e3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_i386.deb\n Size/MD5 checksum: 177704 d31a5e3e4df9c41e52619e134a75d4af\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_i386.deb\n Size/MD5 checksum: 1053900 da7cc53970b606d599e5f02e0d068cc9\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_i386.deb\n Size/MD5 checksum: 214612 bd5a6265f16cd51d4901692cfcaa655b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_i386.deb\n Size/MD5 checksum: 813824 a4744ae2b084c5a15485f4f3ec82342f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_ia64.deb\n Size/MD5 checksum: 232988 3eb095121469ddad24dfbb347d65bda7\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_ia64.deb\n Size/MD5 checksum: 257208 eb1bfcf546e7a7ddc9071a8f7749ec7d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_ia64.deb\n Size/MD5 checksum: 195248 6c0d4510170d24342bee6732e416e497\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_ia64.deb\n Size/MD5 checksum: 184620 ffa1bf57a03e82db9d76a177c539f1b4\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_ia64.deb\n Size/MD5 checksum: 302272 bc12525cd130ccce7f6858b459352a7e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_ia64.deb\n Size/MD5 checksum: 353056 e9797db4c7161a44ee19b0b9904a93b6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_ia64.deb\n Size/MD5 checksum: 1421660 9de0b7b911c9e45a64755a00b8efe56f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_ia64.deb\n Size/MD5 checksum: 1073678 a7105ee7b1a5e1320fa0bd337a9c071b\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_ia64.deb\n Size/MD5 checksum: 3105780 4c18b21c30873abc144cfbdbda3afa2a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_ia64.deb\n Size/MD5 checksum: 424280 754097ccdf1e2018c27cc23e77611025\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_mips.deb\n Size/MD5 checksum: 187976 77a7d378772b5b06e0246bed481f9d5f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_mips.deb\n Size/MD5 checksum: 177002 4c199ed2c3122490bdb3187690cb8e74\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_mips.deb\n Size/MD5 checksum: 231638 4f1630307637dd91b4b81eb770801689\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_mips.deb\n Size/MD5 checksum: 215024 774f9149da9f2b1c8f19f645add40b8b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_mips.deb\n Size/MD5 checksum: 390492 7f387232dc7aef639211309e8e0182d0\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_mips.deb\n Size/MD5 checksum: 826354 04377b34bb9389e94942d4a7fc7e021c\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_mips.deb\n Size/MD5 checksum: 3230814 cccbe96a091ce019d54653bf0e41c69a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_mips.deb\n Size/MD5 checksum: 302368 e7152a0a6618bd05d124c0ce6ee42c53\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_mips.deb\n Size/MD5 checksum: 287688 c8711627da0a79d362d90ee8f681f091\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_mips.deb\n Size/MD5 checksum: 1219124 755a505cef94d51b148568310e5871fc\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 187086 3dd27225aff82082503d8cacd72a0ec2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 804582 f97409504883b64db0f4b0238800fd5a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 1200616 122b5b413a0579e6fa4bd868a0c38ba9\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 386556 695b7729cfe1fb62cd6d4f37d60f8df0\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 214066 505a894995efb5624e7226d578c6984c\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 287962 e2330f7095902dbcb6eea90f7fec5c0e\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 231700 931ad6728924a8511ec0bb193be0f4a9\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 3123054 a8a5ff5547608a095ce709227fe70bee\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 300122 a52f2f9d10e0cef69551e2e533109467\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_mipsel.deb\n Size/MD5 checksum: 176902 29ecd0b702c9bb11404efde67cdd5b7b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 185164 550684aab0a186e611e4360b6624cdd8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 285208 7988738bbc015bb16fcab13bbbbcc20b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 360804 42cab8e240b4a7de9e62202b83039360\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 1183416 789101eaaafe977e949827750872da66\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 882860 8bc2784a8663b1d077dfc5d9866d40e9\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 181116 f9f78a295a924ead21ad588a7949e9d2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 222218 4f8ac7559664c3e9a31f6b31e88a65ce\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 317990 66b3b30f8baf1ab964f0437f551621e5\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 3226062 6c3cc30f6a0c2bdac5ec06e1b928338a\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_powerpc.deb\n Size/MD5 checksum: 247222 c0c68194014f269724c999e5b16f9eba\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_s390.deb\n Size/MD5 checksum: 218252 e41d127f260ba15a56dc7b42611146bd\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_s390.deb\n Size/MD5 checksum: 182512 de685e8065837a6ea411d8a84abaffd0\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_s390.deb\n Size/MD5 checksum: 312702 8d45e17d8ac29291704765d523b7179e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_s390.deb\n Size/MD5 checksum: 177556 f5ce014d7fe7defeb8dc76af8ca1b885\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_s390.deb\n Size/MD5 checksum: 349670 a2b956fc22a75710329117ddcf824ea4\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_s390.deb\n Size/MD5 checksum: 279260 89bf9399206e169eee1bc521c4d38386\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_s390.deb\n Size/MD5 checksum: 229604 e5c36cd62c71b7238e37802f05688df7\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_s390.deb\n Size/MD5 checksum: 3246660 622484103366a278451786b563c017fc\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_s390.deb\n Size/MD5 checksum: 841254 e03aa30315c8a933f165acb45d4fe846\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_s390.deb\n Size/MD5 checksum: 1122140 54d336a0cb8dc7f022e2960e4c393a3f\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_sparc.deb\n Size/MD5 checksum: 310956 2ad62b41966206abf6a5e51abdc76310\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_sparc.deb\n Size/MD5 checksum: 226786 68b42902f07c3a4542d7b7c71aee481d\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_sparc.deb\n Size/MD5 checksum: 3009938 0390643723092537919e6d2c62f5f4cb\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_sparc.deb\n Size/MD5 checksum: 214264 10a5fa450895a7d4f2340472b034dfb2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_sparc.deb\n Size/MD5 checksum: 823062 6565194cdd9987d092b427e164ff68cc\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_sparc.deb\n Size/MD5 checksum: 348108 950535a89f3e90c8c1f49176835dfe6a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_sparc.deb\n Size/MD5 checksum: 272798 eabf47fa697c8beadaf5ea07f7b8a892\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_sparc.deb\n Size/MD5 checksum: 176666 8d35ce9b58c1bc0aafa14c90bc5b4726\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_sparc.deb\n Size/MD5 checksum: 181458 50b63df965e98f463af9bab524685d88\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_sparc.deb\n Size/MD5 checksum: 1077822 fd0a234b61e3b1e55d6c2dd7751453da\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;", "cvss3": {}, "published": "2009-11-25T22:37:47", "type": "debian", "title": "[SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0755", "CVE-2009-3903", "CVE-2009-3904", "CVE-2009-3905", "CVE-2009-3906", "CVE-2009-3907", "CVE-2009-3908", "CVE-2009-3909", "CVE-2009-3938"], "modified": "2009-11-25T22:37:47", "id": "DEBIAN:DSA-1941-1:32EAD", "href": "https://lists.debian.org/debian-security-announce/2009/msg00264.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}