CVE-2007-2356

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-05-2007 12:19

Last modified: - 07-02-2022 08:21

Total changes: - 2

Description

Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

6.8

Base score

8.6

6.4

Exploitability score

Impact score

Verification logic

vendor=gimp AND product=gimp AND version=2.2.14

Reference

23680-Exploit, Patch, Third Party Advisory, VDB Entry
25012-Broken Link
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238422
https://issues.rpath.com/browse/RPL-1318
GLSA-200705-08-Third Party Advisory
25111-Broken Link
25167-Broken Link
RHSA-2007:0343-Patch, Third Party Advisory
SUSE-SR:2007:011-Third Party Advisory
25239-Broken Link
DSA-1301-Patch, Third Party Advisory
MDKSA-2007:108-Broken Link
USN-467-1-Third Party Advisory
1018092-Third Party Advisory, VDB Entry
25346-Broken Link
25359-Broken Link
25466-Broken Link
25573-Broken Link
103170-Broken Link, Third Party Advisory
28114-Broken Link
201320-Broken Link, Third Party Advisory
ADV-2007-4241-Broken Link, Vendor Advisory
ADV-2007-1560-Broken Link, Vendor Advisory
gimp-sunras-plugin-bo(33911)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:5960-Tool Signature
oval:org.mitre.oval:def:10054-Tool Signature
20070430 FLEA-2007-0015-1: gimp-Third Party Advisory, VDB Entry

Keywords

CVE-2007-2356

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-2356

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures