CVE-2009-3909

Published: 19/11/2009 Updated: 07/02/2022
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote malicious users to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.

Vulnerable Product

gimp gimp 2.6.7

Vendor Advisories

Synopsis: Moderate: gimp security update. Type/Severity: Security Advisory: Moderate. Topic: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Sco ...
Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user’s privileges (CVE-2009-1570) ...
Debian Bug report logs - #555929 gimp: CVE-2009-1570 heap overflow due to integer overflow when parsing bmp files. Package: gimp; Maintainer for gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gimp is src:gimp (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org> ...
Debian Bug report logs - #556750 gimp: CVE-2009-3909: heap overflow due to integer overflow when parsing psd files. Package: gimp; Maintainer for gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gimp is src:gimp (PTS, buildd, popcon). Reported by: Raphael Geissert <geissert@debian ...
Several integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document. An update for the old stable distribution (etch) will be issued soon as version 045-51etc ...