Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2007-2356

Published: 30/04/2007 Updated: 07/02/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote malicious users to execute arbitrary code via a crafted RAS file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gimp gimp 2.2.14

Vendor Advisories

Ubuntu Security Notice: gimp vulnerability
It was discovered that Gimp did not correctly handle RAS image format color tables By tricking a user into opening a specially crafted RAS file with Gimp, an attacker could exploit this to execute arbitrary code with the user’s privileges ...
Debian Security Advisories: DSA-1301-1 gimp -- buffer overflow
A buffer overflow has been identified in Gimp's SUNRAS plugin in versions prior to 2215 This bug could allow an attacker to execute arbitrary code on the victim's computer by inducing the victim to open a specially crafted RAS file For the stable distribution (etch), this problem has been fixed in version 2213-1etch1 For the old stable distr ...

Exploits

Exploit DB: GIMP 2.2.14 - '.ras' SUNRAS Plugin Buffer Overflow
/*****************************************************************************\ * * * Gimp v2214 RAS File SUNRAS Plugin Buffer Overflow * * * * ...
Exploit DB: GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow
/* :: Kristian Hermansen :: Date: 20070509 Description: Gimp 2214 RAS vuln, thanks to Marsu This one is universal download and exec using call esp in libgimpcolor-20-0dll Vulnerable: Gimp 2214 Tested: Gimp 2214 on Windows Vista, XP, 2000 Compile: gcc -o netsniper-gimpu netsniper-gimpuc Usage: /netsniper-gimpu t ...

References

CWE-787http://www.securityfocus.com/bid/23680http://secunia.com/advisories/25012https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238422https://issues.rpath.com/browse/RPL-1318http://security.gentoo.org/glsa/glsa-200705-08.xmlhttp://secunia.com/advisories/25111http://secunia.com/advisories/25167http://www.redhat.com/support/errata/RHSA-2007-0343.htmlhttp://lists.suse.com/archive/suse-security-announce/2007-May/0005.htmlhttp://secunia.com/advisories/25239http://www.debian.org/security/2007/dsa-1301http://www.mandriva.com/security/advisories?name=MDKSA-2007:108http://www.ubuntu.com/usn/usn-467-1http://www.securitytracker.com/id?1018092http://secunia.com/advisories/25346http://secunia.com/advisories/25359http://secunia.com/advisories/25466http://secunia.com/advisories/25573http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1http://secunia.com/advisories/28114http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1http://www.vupen.com/english/advisories/2007/4241http://www.vupen.com/english/advisories/2007/1560https://exchange.xforce.ibmcloud.com/vulnerabilities/33911https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5960https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10054http://www.securityfocus.com/archive/1/467231/100/0/threadedhttps://nvd.nist.govhttps://usn.ubuntu.com/467-1/https://www.exploit-db.com/exploits/3801/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310CVE-2024-21683CVE-2024-22187chromedeserializationXPath injectionCVE-2024-27842denial of serviceCVE-2024-24851googleCVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook