Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2007-2949

Published: 04/07/2007 Updated: 07/02/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Gimp

Vulnerability Summary

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote malicious users to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gimp gimp

canonical ubuntu linux 6.06

canonical ubuntu linux 6.10

canonical ubuntu linux 7.04

Vendor Advisories

Ubuntu Security Notice: gimp vulnerability
Stefan Cornelius discovered that Gimp could miscalculate the size of heap buffers when processing PSD images By tricking a user into opening a specially crafted PSD file with Gimp, an attacker could exploit this to execute arbitrary code with the user’s privileges ...
Debian Security Advisories: DSA-1335-1 gimp -- several vulnerabilities
Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4519 Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, ...

References

CWE-190http://secunia.com/secunia_research/2007-63/advisory/http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798http://www.securityfocus.com/bid/24745http://secunia.com/advisories/25677https://issues.rpath.com/browse/RPL-1487http://issues.foresightlinux.org/browse/FL-457http://www.debian.org/security/2007/dsa-1335http://security.gentoo.org/glsa/glsa-200707-09.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:170http://www.redhat.com/support/errata/RHSA-2007-0513.htmlhttp://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191http://www.novell.com/linux/security/advisories/2007_15_sr.htmlhttp://www.ubuntu.com/usn/usn-480-1http://www.kb.cert.org/vuls/id/399896http://secunia.com/advisories/25949http://secunia.com/advisories/26044http://secunia.com/advisories/26132http://secunia.com/advisories/26215http://secunia.com/advisories/26384http://secunia.com/advisories/26575http://secunia.com/advisories/26939http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1http://secunia.com/advisories/28114http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1http://www.vupen.com/english/advisories/2007/4241http://www.vupen.com/english/advisories/2007/2421http://osvdb.org/37804https://exchange.xforce.ibmcloud.com/vulnerabilities/35246https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276https://usn.ubuntu.com/480-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/399896
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook