OSV:DSA-1335-1
gimp

Type: osv
Source: Google (osv.dev)
Date: Jul 18, 2007 - 12:00 a.m.

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.29 Low (Percentile: 96.3%)

Several remote vulnerabilities have been discovered in Gimp, the GNU Image
Manipulation Program, which might lead to the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2006-4519
    Sean Larsson discovered several integer overflows in the processing
    code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead
    to the execution of arbitrary code if a user is tricked into opening
    such a malformed media file.
  • CVE-2007-2949
    Stefan Cornelius discovered an integer overflow in the processing
    code for PSD images, which might lead to the execution of arbitrary
    code if a user is tricked into opening such a malformed media file.

For the oldstable distribution (sarge) these problems have been fixed in
version 2.2.6-1sarge4. Packages for mips and mipsel are not yet
available.

For the stable distribution (etch) these problems have been fixed
in version 2.2.13-1etch4. Packages for mips are not yet available.

For the unstable distribution (sid) these problems have been fixed in
version 2.2.17-1.

We recommend that you upgrade your gimp packages.
