CVE-2007-2949

 

Published at: - 04-07-2007 05:30

Last modified: - 07-02-2022 06:48

Total changes: - 2

Description

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://secunia.com/secunia_research/2007-63/advisory/
• http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798
• 24745-Broken Link, Third Party Advisory, VDB Entry
• 25677-Broken Link, Patch
• https://issues.rpath.com/browse/RPL-1487
• http://issues.foresightlinux.org/browse/FL-457
• DSA-1335-Third Party Advisory
• GLSA-200707-09-Third Party Advisory
• MDKSA-2007:170-Broken Link
• RHSA-2007:0513-Broken Link
• SSA:2007-222-01-Third Party Advisory
• SUSE-SR:2007:015-Broken Link
• USN-480-1-Third Party Advisory
• VU#399896-Third Party Advisory, US Government Resource
• 25949-Broken Link
• 26044-Broken Link
• 26132-Broken Link
• 26215-Broken Link
• 26384-Broken Link
• 26575-Broken Link
• 26939-Broken Link
• 103170-Broken Link
• 28114-Broken Link
• 201320-Broken Link
• ADV-2007-4241-Broken Link
• ADV-2007-2421-Broken Link
• 37804-Broken Link
• gimp-unpackpixeldata-code-execution(35246)-Third Party Advisory, VDB Entry
• oval:org.mitre.oval:def:5772-Tool Signature
• oval:org.mitre.oval:def:11276-Tool Signature

 

Keywords

NVD

 

CVE-2007-2949

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures