Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2009-1570

Published: 13/11/2009 Updated: 07/02/2022
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Gimp

Vulnerability Summary

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote malicious users to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gimp gimp 2.6.7

Vendor Advisories

Ubuntu Security Notice: gimp vulnerabilities
Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user’s privileges (CVE-2009-1570) ...
Debian CVElist Bug Report Logs: gimp: CVE-2009-1570 heap overflow due to integer overflow when parsing bmp files
Debian Bug report logs - #555929 gimp: CVE-2009-1570 heap overflow due to integer overflow when parsing bmp files Package: gimp; Maintainer for gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for gimp is src:gimp (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> ...
Debian CVElist Bug Report Logs: gimp: CVE-2009-3909: heap overflow due to integer overflow when parsing psd files
Debian Bug report logs - #556750 gimp: CVE-2009-3909: heap overflow due to integer overflow when parsing psd files Package: gimp; Maintainer for gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for gimp is src:gimp (PTS, buildd, popcon) Reported by: Raphael Geissert <geissert@debian ...

References

CWE-190http://secunia.com/advisories/37232http://git.gnome.org/cgit/gimp/commit/?h=gimp-2-6&id=df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbehttp://www.osvdb.org/59930http://www.vupen.com/english/advisories/2009/3228http://secunia.com/secunia_research/2009-42/https://bugzilla.gnome.org/show_bug.cgi?id=600484http://www.securityfocus.com/bid/37006http://www.vupen.com/english/advisories/2009/3564http://www.vupen.com/english/advisories/2010/1021http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0838.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0837.htmlhttp://secunia.com/advisories/50737http://security.gentoo.org/glsa/glsa-201209-23.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/54254https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290http://www.securityfocus.com/archive/1/507813/100/0/threadedhttps://usn.ubuntu.com/880-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook