Remote Code Execution (RCE)

2019-01-1508:52:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

gimp is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.

CPENameOperatorVersion
gimpeq2.2.13__2.0.7.el5_6.2
gimpeq2.2.13__2.el5
gimpeq2.2.13__2.0.7.el5
gimpeq2.2.13__2.0.7.el5_8.5
gimpeq2.6.9__4.el6_1.1
gimpeq2.6.9__4.el6_3.3
gimpeq2.2.13__2.0.10.el5
gimpeq2.6.9__4.el6
gimpeq2.2.13__2.0.7.el5_6.2
gimpeq2.2.13__2.el5

Name	Operator	Version
gimp	eq	2.2.13__2.0.7.el5_6.2
gimp	eq	2.2.13__2.el5
gimp	eq	2.2.13__2.0.7.el5
gimp	eq	2.2.13__2.0.7.el5_8.5
gimp	eq	2.6.9__4.el6_1.1
gimp	eq	2.6.9__4.el6_3.3
gimp	eq	2.2.13__2.0.10.el5
gimp	eq	2.6.9__4.el6
gimp	eq	2.2.13__2.0.7.el5_6.2
gimp	eq	2.2.13__2.el5