ID CVE-2007-3741
Summary The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
References
Vulnerable Configurations
  • Mandriva Linux
    cpe:2.3:o:mandriva:linux
  • GIMP
    cpe:2.3:a:gnu:gimp
CVSS
Base: 4.3 (as of 27-08-2007 - 15:32)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0513.NASL
    description From Red Hat Security Advisory 2007:0513 : Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741) Users of The GIMP should update to these erratum packages, which contain a backported fix to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67527
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67527
    title Oracle Linux 3 / 4 / 5 : gimp (ELSA-2007-0513)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070926_GIMP_ON_SL5_X.NASL
    description Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60256
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60256
    title Scientific Linux Security Update : gimp on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-170.NASL
    description Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. (CVE-2006-4519) Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. (CVE-2007-2949) Victor Stinner has discovered several flaws in file plug-ins using his fuzzyfier tool fusil. Several modified image files cause the plug-ins to crash or consume excessive amounts of memory due to insufficient input validation. Affected plug-ins: bmp, pcx, psd, psp (*.tub). (CVE-2007-3741) Updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25947
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25947
    title Mandrake Linux Security Advisory : gimp (MDKSA-2007:170)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0513.NASL
    description Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741) Users of The GIMP should update to these erratum packages, which contain a backported fix to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 26189
    published 2007-09-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26189
    title RHEL 2.1 / 3 / 4 / 5 : gimp (RHSA-2007:0513)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0513.NASL
    description Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP's image loaders. An attacker could create a carefully crafted image file that could cause The GIMP to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949, CVE-2007-3741) Users of The GIMP should update to these erratum packages, which contain a backported fix to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26203
    published 2007-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26203
    title CentOS 3 / 4 / 5 : gimp (CESA-2007:0513)
oval via4
accepted 2013-04-29T04:01:37.390-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
family unix
id oval:org.mitre.oval:def:10099
status accepted
submitted 2010-07-09T03:56:16-04:00
title The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
version 25
redhat via4
advisories
bugzilla
id 248053
title CVE-2007-3741 Gimp image loader multiple input validation flaws
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment gimp is earlier than 1:1.2.3-20.9.el3
          oval oval:com.redhat.rhsa:tst:20070513002
        • comment gimp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070343003
      • AND
        • comment gimp-devel is earlier than 1:1.2.3-20.9.el3
          oval oval:com.redhat.rhsa:tst:20070513006
        • comment gimp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070343007
      • AND
        • comment gimp-perl is earlier than 1:1.2.3-20.9.el3
          oval oval:com.redhat.rhsa:tst:20070513004
        • comment gimp-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070343005
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment gimp is earlier than 1:2.0.5-7.0.7.el4
          oval oval:com.redhat.rhsa:tst:20070513009
        • comment gimp is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070343003
      • AND
        • comment gimp-devel is earlier than 1:2.0.5-7.0.7.el4
          oval oval:com.redhat.rhsa:tst:20070513010
        • comment gimp-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070343007
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment gimp is earlier than 2:2.2.13-2.0.7.el5
          oval oval:com.redhat.rhsa:tst:20070513012
        • comment gimp is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070343013
      • AND
        • comment gimp-devel is earlier than 2:2.2.13-2.0.7.el5
          oval oval:com.redhat.rhsa:tst:20070513016
        • comment gimp-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070343015
      • AND
        • comment gimp-libs is earlier than 2:2.2.13-2.0.7.el5
          oval oval:com.redhat.rhsa:tst:20070513014
        • comment gimp-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070343017
rhsa
id RHSA-2007:0513
released 2007-09-26
severity Moderate
title RHSA-2007:0513: gimp security update (Moderate)
rpms
  • gimp-1:1.2.3-20.9.el3
  • gimp-devel-1:1.2.3-20.9.el3
  • gimp-perl-1:1.2.3-20.9.el3
  • gimp-1:2.0.5-7.0.7.el4
  • gimp-devel-1:2.0.5-7.0.7.el4
  • gimp-2:2.2.13-2.0.7.el5
  • gimp-devel-2:2.2.13-2.0.7.el5
  • gimp-libs-2:2.2.13-2.0.7.el5
refmap via4
bid 25424
mandriva MDKSA-2007:170
osvdb
  • 42128
  • 42129
  • 42130
  • 42131
secunia
  • 26575
  • 26939
Last major update 30-11-2010 - 01:07
Published 27-08-2007 - 13:17
Last modified 28-09-2017 - 21:29
Back to Top