ID CVE-2007-2949
Summary Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
References
Vulnerable Configurations
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:-:amd64
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:-:i386
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:-:powerpc
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:-:sparc
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.10:-:amd64
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.10:-:i386
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.10:-:powerpc
  • cpe:2.3:o:ubuntu:ubuntu_linux:6.10:-:sparc
  • cpe:2.3:o:ubuntu:ubuntu_linux:7.04:-:amd64
  • cpe:2.3:o:ubuntu:ubuntu_linux:7.04:-:i386
  • cpe:2.3:o:ubuntu:ubuntu_linux:7.04:-:powerpc
  • cpe:2.3:o:ubuntu:ubuntu_linux:7.04:-:sparc
  • cpe:2.3:a:the_gimp_team:gimp:1.2.5
  • cpe:2.3:a:the_gimp_team:gimp:2.2.4
  • cpe:2.3:a:the_gimp_team:gimp:2.2.6
  • cpe:2.3:a:the_gimp_team:gimp:2.2.8
  • cpe:2.3:a:the_gimp_team:gimp:2.2.10
  • cpe:2.3:a:the_gimp_team:gimp:2.2.11
  • cpe:2.3:a:the_gimp_team:gimp:2.2.12
  • cpe:2.3:a:the_gimp_team:gimp:2.2.14
  • cpe:2.3:a:the_gimp_team:gimp:2.2.15
CVSS
Base: 6.8 (as of 05-07-2007 - 14:40)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200707-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200707-09 (GIMP: Multiple integer overflows) Sean Larsson from iDefense Labs discovered multiple integer overflows in various GIMP plugins (CVE-2006-4519). Stefan Cornelius from Secunia Research discovered an integer overflow in the seek_to_and_unpack_pixeldata() function when processing PSD files (CVE-2007-2949). Impact : A remote attacker could entice a user to open a specially crafted image file, possibly resulting in the execution of arbitrary code with the privileges of the user running GIMP. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25791
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25791
    title GLSA-200707-09 : GIMP: Multiple integer overflows
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1335.NASL
    description Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4519 Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. - CVE-2007-2949 Stefan Cornelius discovered an integer overflow in the processing code for PSD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25744
    published 2007-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25744
    title Debian DSA-1335-1 : gimp - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0513.NASL
    description From Red Hat Security Advisory 2007:0513 : Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741) Users of The GIMP should update to these erratum packages, which contain a backported fix to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67527
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67527
    title Oracle Linux 3 / 4 / 5 : gimp (ELSA-2007-0513)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-494-1.NASL
    description Sean Larsson discovered multiple integer overflows in Gimp. By tricking a user into opening a specially crafted DICOM, PNM, PSD, PSP, RAS, XBM, or XWD image, a remote attacker could exploit this to execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28096
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28096
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : gimp vulnerability (USN-494-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070926_GIMP_ON_SL5_X.NASL
    description Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60256
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60256
    title Scientific Linux Security Update : gimp on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-480-1.NASL
    description Stefan Cornelius discovered that Gimp could miscalculate the size of heap buffers when processing PSD images. By tricking a user into opening a specially crafted PSD file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28081
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28081
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : gimp vulnerability (USN-480-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GIMP-3962.NASL
    description The image editor gimp was updated to fix an integer overflow in the handling of PSD files. By providing a crafted PSD file and tricking the user to open it an attacker could execute code. (CVE-2007-2949)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29443
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29443
    title SuSE 10 Security Update : gimp (ZYPP Patch Number 3962)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-170.NASL
    description Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. (CVE-2006-4519) Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. (CVE-2007-2949) Victor Stinner has discovered several flaws in file plug-ins using his fuzzyfier tool fusil. Several modified image files cause the plug-ins to crash or consume excessive amounts of memory due to insufficient input validation. Affected plug-ins: bmp, pcx, psd, psp (*.tub). (CVE-2007-3741) Updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25947
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25947
    title Mandrake Linux Security Advisory : gimp (MDKSA-2007:170)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GIMP-3949.NASL
    description The image editor GIMP was updated to fix an integer overflow in the handling of PSD files. By providing a crafted PSD file and tricking the user to open it an attacker could execute code. (CVE-2007-2949)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27236
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27236
    title openSUSE 10 Security Update : gimp (gimp-3949)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-222-01.NASL
    description New gimp packages are available for Slackware 10.2, 11.0, and 12.0 to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 25844
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25844
    title Slackware 10.2 / 11.0 / 12.0 : gimp (SSA:2007-222-01)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0513.NASL
    description Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741) Users of The GIMP should update to these erratum packages, which contain a backported fix to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 26189
    published 2007-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26189
    title RHEL 2.1 / 3 / 4 / 5 : gimp (RHSA-2007:0513)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0513.NASL
    description Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741) Users of The GIMP should update to these erratum packages, which contain a backported fix to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26203
    published 2007-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26203
    title CentOS 3 / 4 / 5 : gimp (CESA-2007:0513)
oval via4
  • accepted 2013-04-29T04:12:51.227-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
    family unix
    id oval:org.mitre.oval:def:11276
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
    version 25
  • accepted 2008-10-20T04:00:22.365-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
    family unix
    id oval:org.mitre.oval:def:5772
    status accepted
    submitted 2008-09-11T11:37:41.000-04:00
    title PSD Plugin of Gimp vulnerability
    version 31
redhat via4
advisories
rhsa
id RHSA-2007:0513
rpms
  • gimp-1:1.2.3-20.9.el3
  • gimp-devel-1:1.2.3-20.9.el3
  • gimp-perl-1:1.2.3-20.9.el3
  • gimp-1:2.0.5-7.0.7.el4
  • gimp-devel-1:2.0.5-7.0.7.el4
  • gimp-2:2.2.13-2.0.7.el5
  • gimp-devel-2:2.2.13-2.0.7.el5
  • gimp-libs-2:2.2.13-2.0.7.el5
refmap via4
bid 24745
cert-vn VU#399896
confirm
debian DSA-1335
gentoo GLSA-200707-09
mandriva MDKSA-2007:170
misc http://secunia.com/secunia_research/2007-63/advisory/
osvdb 37804
secunia
  • 25677
  • 25949
  • 26044
  • 26132
  • 26215
  • 26384
  • 26575
  • 26939
  • 28114
slackware SSA:2007-222-01
sunalert
  • 103170
  • 201320
suse SUSE-SR:2007:015
ubuntu USN-480-1
vupen
  • ADV-2007-2421
  • ADV-2007-4241
xf gimp-unpackpixeldata-code-execution(35246)
Last major update 30-10-2012 - 22:36
Published 04-07-2007 - 11:30
Last modified 10-10-2017 - 21:32