Vulnerability Name:

CVE-2007-2949 (CCN-35246)

Assigned:2007-06-27
Published:2007-06-27
Updated:2022-02-07
Summary:Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-190
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2949

Source: CONFIRM
Type: Broken Link
http://issues.foresightlinux.org/browse/FL-457

Source: OSVDB
Type: Broken Link
37804

Source: CCN
Type: RHSA-2007-0513
Moderate: gimp security update

Source: CCN
Type: SA25677
Gimp Loader Plugins Integer Overflow Vulnerabilities

Source: SECUNIA
Type: Broken Link, Patch
25677

Source: SECUNIA
Type: Broken Link
25949

Source: SECUNIA
Type: Broken Link
26044

Source: SECUNIA
Type: Broken Link
26132

Source: SECUNIA
Type: Broken Link
26215

Source: SECUNIA
Type: Broken Link
26384

Source: SECUNIA
Type: Broken Link
26575

Source: SECUNIA
Type: Broken Link
26939

Source: CCN
Type: SA28114
Sun Solaris Gimp Multiple Vulnerabilities

Source: SECUNIA
Type: Broken Link
28114

Source: CCN
Type: Secunia Research 03/07/2007
Gimp PSD Plugin Integer Overflow Vulnerability

Source: MISC
Type: Broken Link, Patch, Vendor Advisory
http://secunia.com/secunia_research/2007-63/advisory/

Source: GENTOO
Type: Third Party Advisory
GLSA-200707-09

Source: SUNALERT
Type: Broken Link
103170

Source: SUNALERT
Type: Broken Link
201320

Source: CCN
Type: Sun Alert ID: 103170
Multiple Security Vulnerabilities Within the GIMP Plugins

Source: CCN
Type: ASA-2007-457
GIMP security update (RHSA-2007-0513)

Source: CCN
Type: ASA-2008-011
Multiple Security Vulnerabilities Within the GIMP Plugins (Sun 103170)

Source: CCN
Type: NORTEL BULLETIN ID: 2008009107, Rev 1
Nortel Response to Sun Alert 201320 - Multiple Security Vulnerabilities Within the GIMP Plugins

Source: CCN
Type: GIMP SVN Repository Mon Jun 18 19:35:11 2007 UTC
[gimp] View of /branches/gimp-2-2/ChangeLog

Source: CONFIRM
Type: Vendor Advisory
http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798

Source: DEBIAN
Type: Third Party Advisory
DSA-1335

Source: DEBIAN
Type: DSA-1335
gimp -- several vulnerabilities

Source: CCN
Type: GLSA-200707-09
GIMP: Multiple integer overflows

Source: CCN
Type: US-CERT VU#399896
GIMP integer overflow vulnerability

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#399896

Source: MANDRIVA
Type: Broken Link
MDKSA-2007:170

Source: SUSE
Type: Broken Link
SUSE-SR:2007:015

Source: CCN
Type: OSVDB ID: 37804
GIMP psd.c seek_to_and_unpack_pixeldata Function PSD Handling Overflow

Source: REDHAT
Type: Broken Link
RHSA-2007:0513

Source: BID
Type: Broken Link, Third Party Advisory, VDB Entry
24745

Source: CCN
Type: BID-24745
GIMP PSD File Integer Overflow Vulnerability

Source: SLACKWARE
Type: Third Party Advisory
SSA:2007-222-01

Source: CCN
Type: USN-480-1
Gimp vulnerability

Source: UBUNTU
Type: Third Party Advisory
USN-480-1

Source: VUPEN
Type: Broken Link
ADV-2007-2421

Source: VUPEN
Type: Broken Link
ADV-2007-4241

Source: XF
Type: Third Party Advisory, VDB Entry
gimp-unpackpixeldata-code-execution(35246)

Source: XF
Type: UNKNOWN
gimp-unpackpixeldata-code-execution(35246)

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1487

Source: OVAL
Type: Tool Signature
oval:org.mitre.oval:def:11276

Source: OVAL
Type: Tool Signature
oval:org.mitre.oval:def:5772

Source: SUSE
Type: SUSE-SR:2007:015
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gimp:gimp:*:*:*:*:*:*:*:* (Version <= 2.2.15)

  • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:gimp:gimp:2.2.15:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20072949 | V | CVE-2007-2949 | 2022-06-30 |
| oval:org.opensuse.security:def:112292 | P | gimp-2.10.24-3.1 on GA media (Moderate) | 2022-01-17 |
| oval:org.opensuse.security:def:26164 | P | Security update for MozillaFirefox (Important) | 2021-11-17 |
| oval:org.opensuse.security:def:105815 | P | gimp-2.10.24-3.1 on GA media (Moderate) | 2021-10-01 |
| oval:org.opensuse.security:def:36411 | P | gimp-2.6.2-3.34.45.1 on GA media (Moderate) | 2021-06-08 |
| oval:org.opensuse.security:def:26036 | P | Security update for MozillaFirefox (Important) | 2021-04-27 |
| oval:org.opensuse.security:def:25972 | P | Security update for postgresql12 (Important) | 2020-12-04 |
| oval:org.opensuse.security:def:27374 | P | bind-devel-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26386 | P | Security update for kdepim, messagelib (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25960 | P | Security update for gimp (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26678 | P | coolkey on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:27409 | P | gimp on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26537 | P | dhcp on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:25961 | P | Security update for the Linux Kernel (Important) | 2020-12-01 |
| oval:org.opensuse.security:def:26692 | P | evince on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26245 | P | Security update for python (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26590 | P | libmusicbrainz4 on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26736 | P | libQtWebKit4-32bit on GA media (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26302 | P | Security update for python-PyYAML (Moderate) | 2020-12-01 |
| oval:org.opensuse.security:def:26639 | P | star on GA media (Moderate) | 2020-12-01 |
| oval:org.mitre.oval:def:19721 | P | DSA-1335-1 gimp | 2014-06-23 |
| oval:org.mitre.oval:def:21780 | P | ELSA-2007:0513: gimp security update (Moderate) | 2014-05-26 |
| oval:org.mitre.oval:def:11276 | V | Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. | 2013-04-29 |
| oval:org.mitre.oval:def:5772 | V | PSD Plugin of Gimp vulnerability | 2008-10-20 |
| oval:com.redhat.rhsa:def:20070513 | P | RHSA-2007:0513: gimp security update (Moderate) | 2008-03-20 |
| oval:org.debian:def:1335 | V | several vulnerabilities | 2007-07-18 |