Lucene search

Veracode Vulnerability DatabaseVERACODE:24544

HistoryApr 10, 2020 - 12:56 a.m.

Arbitrary Code Execution

2020-04-1000:56:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

gimp is vulnerable to arbitrary code execution. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP’s Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

CPENameOperatorVersion
gimpeq2.2.13__2.el5
gimpeq2.0.5__6.2.el4
gimpeq2.2.13__2.el5
gimpeq2.0.5__6.2.el4

Name	Operator	Version
gimp	eq	2.2.13__2.el5
gimp	eq	2.0.5__6.2.el4
gimp	eq	2.2.13__2.el5
gimp	eq	2.0.5__6.2.el4

References

git.gnome.org/browse/gimp/commit/?id=a9671395f6573e90316a9d748588c5435216f6ce

secunia.com/advisories/50737

security.gentoo.org/glsa/glsa-201209-23.xml

securitytracker.com/id?1025586

www.mandriva.com/security/advisories?name=MDVSA-2011:110

www.redhat.com/support/errata/RHSA-2011-0837.html

www.redhat.com/support/errata/RHSA-2011-0838.html

www.securityfocus.com/bid/48057

access.redhat.com/errata/RHSA-2011:0837

access.redhat.com/errata/RHSA-2011:0838

access.redhat.com/security/cve/CVE-2011-1178

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=689831

exchange.xforce.ibmcloud.com/vulnerabilities/67787

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:24544