CERTA-2007-AVI-290
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities in GIMP allow a person to execute arbitrary code remotely.
Description
Several memory overflow vulnerabilities have been identified in GIMP modules. They allow an attacker to execute arbitrary code on the machine of a user who has opened a specially crafted image file.
Solution
GIMP version 2.2.16 fixes these vulnerabilities.
GIMP versions 2.2.15 and earlier.
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGIMP versions 2.2.15 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de type d\u00e9bordement de m\u00e9moire ont \u00e9t\u00e9\nidentifi\u00e9es dans des modules de GIMP. Celles-ci permettent \u00e0 un\nattaquant d\u0027ex\u00e9cuter du code arbitraire sur le poste d\u0027un utilisateur\nqui a ouvert un fichier image sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nLa version 2.2.16 de GIMP corrige ces vuln\u00e9rabilit\u00e9s.\n",
"cves": [
{
"name": "CVE-2007-2949",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2949"
},
{
"name": "CVE-2006-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4519"
}
],
"links": [
{
"title": "Mises \u00e0 jour de GIMP :",
"url": "http://developer.gimp.org/NEWS-2.2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200707-09 du 25 juillet 2007 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200707-09.xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1335 18 juillet 2007 :",
"url": "http://www.debian.org/security/2007/dsa-1335"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-494-1 02 ao\u00fbt 2007 :",
"url": "http://www.ubuntu.com/usn/usn-494-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-480-1 04 juillet 2007 :",
"url": "http://www.ubuntu.com/usn/usn-480-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:170 du 23 ao\u00fbt 2007 :",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170"
}
],
"reference": "CERTA-2007-AVI-290",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-07-10T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo, Debian et Ubuntu.",
"revision_date": "2007-07-27T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva et Ubuntu.",
"revision_date": "2007-08-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans GIMP permettent \u00e0 une personne d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans GIMP",
"vendor_advisories": [
{
"published_at": null,
"title": "Mise \u00e0 jour 2.2.16 de GIMP",
"url": null
}
]
}
CVE-2006-4519 (GCVE-0-2006-4519)
Vulnerability from cvelistv5 – Published: 2007-07-10 18:00 – Updated: 2024-08-07 19:14
Summary
Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
Date Public
2007-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26132"
},
{
"name": "ADV-2007-2471",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2471"
},
{
"name": "20070801 FLEA-2007-0038-1 gimp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/475257/100/0/threaded"
},
{
"name": "gimp-plugins-code-execution(35308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35308"
},
{
"name": "42139",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42139"
},
{
"name": "GLSA-200707-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200707-09.xml"
},
{
"name": "oval:org.mitre.oval:def:10842",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842"
},
{
"name": "26240",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26240"
},
{
"name": "26575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26575"
},
{
"name": "42140",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42140"
},
{
"name": "USN-494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-494-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=451379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://developer.gimp.org/NEWS-2.2"
},
{
"name": "RHSA-2007:0513",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html"
},
{
"name": "20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551"
},
{
"name": "42143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42143"
},
{
"name": "42145",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42145"
},
{
"name": "24835",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24835"
},
{
"name": "26215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26215"
},
{
"name": "1018349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018349"
},
{
"name": "42144",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42144"
},
{
"name": "MDKSA-2007:170",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170"
},
{
"name": "42141",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42141"
},
{
"name": "DSA-1335",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1335"
},
{
"name": "26939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26939"
},
{
"name": "42142",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42142"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.foresightlinux.org/browse/FL-457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26132"
},
{
"name": "ADV-2007-2471",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2471"
},
{
"name": "20070801 FLEA-2007-0038-1 gimp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/475257/100/0/threaded"
},
{
"name": "gimp-plugins-code-execution(35308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35308"
},
{
"name": "42139",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42139"
},
{
"name": "GLSA-200707-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200707-09.xml"
},
{
"name": "oval:org.mitre.oval:def:10842",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842"
},
{
"name": "26240",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26240"
},
{
"name": "26575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26575"
},
{
"name": "42140",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42140"
},
{
"name": "USN-494-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-494-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=451379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://developer.gimp.org/NEWS-2.2"
},
{
"name": "RHSA-2007:0513",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html"
},
{
"name": "20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551"
},
{
"name": "42143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42143"
},
{
"name": "42145",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42145"
},
{
"name": "24835",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24835"
},
{
"name": "26215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26215"
},
{
"name": "1018349",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018349"
},
{
"name": "42144",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42144"
},
{
"name": "MDKSA-2007:170",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170"
},
{
"name": "42141",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42141"
},
{
"name": "DSA-1335",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1335"
},
{
"name": "26939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26939"
},
{
"name": "42142",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42142"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.foresightlinux.org/browse/FL-457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26132"
},
{
"name": "ADV-2007-2471",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2471"
},
{
"name": "20070801 FLEA-2007-0038-1 gimp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/475257/100/0/threaded"
},
{
"name": "gimp-plugins-code-execution(35308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35308"
},
{
"name": "42139",
"refsource": "OSVDB",
"url": "http://osvdb.org/42139"
},
{
"name": "GLSA-200707-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200707-09.xml"
},
{
"name": "oval:org.mitre.oval:def:10842",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842"
},
{
"name": "26240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26240"
},
{
"name": "26575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26575"
},
{
"name": "42140",
"refsource": "OSVDB",
"url": "http://osvdb.org/42140"
},
{
"name": "USN-494-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-494-1"
},
{
"name": "http://bugzilla.gnome.org/show_bug.cgi?id=451379",
"refsource": "CONFIRM",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=451379"
},
{
"name": "http://developer.gimp.org/NEWS-2.2",
"refsource": "CONFIRM",
"url": "http://developer.gimp.org/NEWS-2.2"
},
{
"name": "RHSA-2007:0513",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html"
},
{
"name": "20070709 Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551"
},
{
"name": "42143",
"refsource": "OSVDB",
"url": "http://osvdb.org/42143"
},
{
"name": "42145",
"refsource": "OSVDB",
"url": "http://osvdb.org/42145"
},
{
"name": "24835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24835"
},
{
"name": "26215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26215"
},
{
"name": "1018349",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018349"
},
{
"name": "42144",
"refsource": "OSVDB",
"url": "http://osvdb.org/42144"
},
{
"name": "MDKSA-2007:170",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170"
},
{
"name": "42141",
"refsource": "OSVDB",
"url": "http://osvdb.org/42141"
},
{
"name": "DSA-1335",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1335"
},
{
"name": "26939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26939"
},
{
"name": "42142",
"refsource": "OSVDB",
"url": "http://osvdb.org/42142"
},
{
"name": "http://issues.foresightlinux.org/browse/FL-457",
"refsource": "CONFIRM",
"url": "http://issues.foresightlinux.org/browse/FL-457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4519",
"datePublished": "2007-07-10T18:00:00.000Z",
"dateReserved": "2006-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:14:47.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2949 (GCVE-0-2007-2949)
Vulnerability from cvelistv5 – Published: 2007-07-04 15:00 – Updated: 2024-08-07 13:57
Summary
Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
30 references
Date Public
2007-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-63/advisory/"
},
{
"name": "25949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25949"
},
{
"name": "26044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26044"
},
{
"name": "26132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26132"
},
{
"name": "gimp-unpackpixeldata-code-execution(35246)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35246"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1487"
},
{
"name": "GLSA-200707-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200707-09.xml"
},
{
"name": "SSA:2007-222-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.360191"
},
{
"name": "26575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26575"
},
{
"name": "37804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37804"
},
{
"name": "oval:org.mitre.oval:def:5772",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772"
},
{
"name": "26384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26384"
},
{
"name": "201320",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1"
},
{
"name": "RHSA-2007:0513",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html"
},
{
"name": "25677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25677"
},
{
"name": "oval:org.mitre.oval:def:11276",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276"
},
{
"name": "28114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28114"
},
{
"name": "ADV-2007-2421",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2421"
},
{
"name": "26215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26215"
},
{
"name": "24745",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24745"
},
{
"name": "USN-480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-480-1"
},
{
"name": "103170",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.gnome.org/viewcvs/gimp?view=revision\u0026revision=22798"
},
{
"name": "MDKSA-2007:170",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170"
},
{
"name": "DSA-1335",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1335"
},
{
"name": "26939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26939"
},
{
"name": "VU#399896",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/399896"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "ADV-2007-4241",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4241"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.foresightlinux.org/browse/FL-457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-63/advisory/"
},
{
"name": "25949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25949"
},
{
"name": "26044",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26044"
},
{
"name": "26132",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26132"
},
{
"name": "gimp-unpackpixeldata-code-execution(35246)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35246"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1487"
},
{
"name": "GLSA-200707-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200707-09.xml"
},
{
"name": "SSA:2007-222-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.360191"
},
{
"name": "26575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26575"
},
{
"name": "37804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37804"
},
{
"name": "oval:org.mitre.oval:def:5772",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772"
},
{
"name": "26384",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26384"
},
{
"name": "201320",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1"
},
{
"name": "RHSA-2007:0513",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html"
},
{
"name": "25677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25677"
},
{
"name": "oval:org.mitre.oval:def:11276",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276"
},
{
"name": "28114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28114"
},
{
"name": "ADV-2007-2421",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2421"
},
{
"name": "26215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26215"
},
{
"name": "24745",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24745"
},
{
"name": "USN-480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-480-1"
},
{
"name": "103170",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.gnome.org/viewcvs/gimp?view=revision\u0026revision=22798"
},
{
"name": "MDKSA-2007:170",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170"
},
{
"name": "DSA-1335",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1335"
},
{
"name": "26939",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26939"
},
{
"name": "VU#399896",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/399896"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "ADV-2007-4241",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4241"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.foresightlinux.org/browse/FL-457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-2949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2007-63/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-63/advisory/"
},
{
"name": "25949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25949"
},
{
"name": "26044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26044"
},
{
"name": "26132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26132"
},
{
"name": "gimp-unpackpixeldata-code-execution(35246)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35246"
},
{
"name": "https://issues.rpath.com/browse/RPL-1487",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1487"
},
{
"name": "GLSA-200707-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200707-09.xml"
},
{
"name": "SSA:2007-222-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.360191"
},
{
"name": "26575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26575"
},
{
"name": "37804",
"refsource": "OSVDB",
"url": "http://osvdb.org/37804"
},
{
"name": "oval:org.mitre.oval:def:5772",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772"
},
{
"name": "26384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26384"
},
{
"name": "201320",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1"
},
{
"name": "RHSA-2007:0513",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0513.html"
},
{
"name": "25677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25677"
},
{
"name": "oval:org.mitre.oval:def:11276",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276"
},
{
"name": "28114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28114"
},
{
"name": "ADV-2007-2421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2421"
},
{
"name": "26215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26215"
},
{
"name": "24745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24745"
},
{
"name": "USN-480-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-480-1"
},
{
"name": "103170",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1"
},
{
"name": "http://svn.gnome.org/viewcvs/gimp?view=revision\u0026revision=22798",
"refsource": "CONFIRM",
"url": "http://svn.gnome.org/viewcvs/gimp?view=revision\u0026revision=22798"
},
{
"name": "MDKSA-2007:170",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:170"
},
{
"name": "DSA-1335",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1335"
},
{
"name": "26939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26939"
},
{
"name": "VU#399896",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/399896"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "ADV-2007-4241",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4241"
},
{
"name": "http://issues.foresightlinux.org/browse/FL-457",
"refsource": "CONFIRM",
"url": "http://issues.foresightlinux.org/browse/FL-457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-2949",
"datePublished": "2007-07-04T15:00:00.000Z",
"dateReserved": "2007-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.