Executive Summary
Summary | |
---|---|
Title | gimp security update |
Information | |||
---|---|---|---|
Name | RHSA-2011:0839 | First vendor Publication | 2011-05-31 |
Vendor | RedHat | Last vendor Modification | 2011-05-31 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Problem Description:

Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

666793 - CVE-2010-4540 Gimp: Stack-based buffer overflow in Lighting plug-in
703403 - CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in
703405 - CVE-2010-4542 Gimp: Stack-based buffer overflow in Gfig plug-in
703407 - CVE-2010-4543 Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0839.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13772 | |||
Oval ID: | oval:org.mitre.oval:def:13772 | ||
Title: | USN-1109-1 -- gimp vulnerabilities | ||
Description: | It was discovered that GIMP incorrectly handled malformed data in certain plugin configuration files. If a user were tricked into opening a specially crafted plugin configuration file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. It was discovered that GIMP incorrectly handled malformed PSP image files. If a user were tricked into opening a specially crafted PSP image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1109-1 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:21949 | |||
Oval ID: | oval:org.mitre.oval:def:21949 | ||
Title: | RHSA-2011:0839: gimp security update (Moderate) | ||
Description: | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0839-01 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:23689 | |||
Oval ID: | oval:org.mitre.oval:def:23689 | ||
Title: | ELSA-2011:0839: gimp security update (Moderate) | ||
Description: | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0839-01 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 21 |
Platform(s): | Oracle Linux 6 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:27488 | |||
Oval ID: | oval:org.mitre.oval:def:27488 | ||
Title: | DEPRECATED: ELSA-2011-0839 -- gimp security update (moderate) | ||
Description: | [2:2.6.9-4.1] - fix various overflows (#666793, #703403, #703405, #703407, #704512) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0839 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | gimp |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-23 (gimp) File : nvt/glsa_201209_23.nasl |
2012-07-30 | Name : CentOS Update for gimp CESA-2011:0837 centos4 x86_64 File : nvt/gb_CESA-2011_0837_gimp_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for gimp CESA-2011:0838 centos5 x86_64 File : nvt/gb_CESA-2011_0838_gimp_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for gimp RHSA-2011:0839-01 File : nvt/gb_RHSA-2011_0839-01_gimp.nasl |
2012-03-12 | Name : Debian Security Advisory DSA 2426-1 (gimp) File : nvt/deb_2426_1.nasl |
2011-08-27 | Name : Fedora Update for gimp FEDORA-2011-10782 File : nvt/gb_fedora_2011_10782_gimp_fc14.nasl |
2011-08-24 | Name : Fedora Update for gimp FEDORA-2011-10788 File : nvt/gb_fedora_2011_10788_gimp_fc15.nasl |
2011-08-09 | Name : CentOS Update for gimp CESA-2011:0838 centos5 i386 File : nvt/gb_CESA-2011_0838_gimp_centos5_i386.nasl |
2011-06-10 | Name : Fedora Update for gimp FEDORA-2011-7393 File : nvt/gb_fedora_2011_7393_gimp_fc14.nasl |
2011-06-10 | Name : Fedora Update for gimp FEDORA-2011-7397 File : nvt/gb_fedora_2011_7397_gimp_fc13.nasl |
2011-06-06 | Name : CentOS Update for gimp CESA-2011:0837 centos4 i386 File : nvt/gb_CESA-2011_0837_gimp_centos4_i386.nasl |
2011-06-06 | Name : RedHat Update for gimp RHSA-2011:0837-01 File : nvt/gb_RHSA-2011_0837-01_gimp.nasl |
2011-06-06 | Name : RedHat Update for gimp RHSA-2011:0838-01 File : nvt/gb_RHSA-2011_0838-01_gimp.nasl |
2011-06-03 | Name : Mandriva Update for gimp MDVSA-2011:103 (gimp) File : nvt/gb_mandriva_MDVSA_2011_103.nasl |
2011-04-19 | Name : Ubuntu Update for gimp vulnerabilities USN-1109-1 File : nvt/gb_ubuntu_USN_1109_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70284 | GIMP plug-ins/common/file-psp.c read_channel_data() Function Overflow GIMP is prone to an overflow condition. The 'read_channel_data()' function in 'plug-ins/common/file-psp.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted PSP file, a context-dependent attacker can potentially execute arbitrary code. |
70283 | GIMP plug-ins/gfig/gfig-style.c gfig_read_parameter_gimp_rgb() Function Overflow GIMP is prone to an overflow condition. The 'gfig_read_parameter_gimp_rgb()' function in 'plug-ins/gfig/gfig-style.c' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted GFIG or XCF file, a context-dependent attacker can potentially execute arbitrary code. |
70282 | GIMP plug-ins/lighting/lighting-ui.c load_preset_response() Function Overflow GIMP is prone to an overflow condition. The 'load_preset_response()' function in 'plug-ins/lighting/lighting-ui.c' in the 'Lighting Effects' plugin fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted file for the plugin, a context-dependent attacker can potentially execute arbitrary code. |
70281 | GIMP plug-ins/common/sphere-designer.c loadit() Function Overflow GIMP is prone to an overflow condition. The 'loadit()' function in 'plug-ins/common/sphere-designer.c' of the 'Sphere Designer' plugin fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted file for the plugin, a context-dependent attacker can potentially execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gimp-110217.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0839.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0838.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0837.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0838.nasl - Type : ACT_GATHER_INFO |
2012-09-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-23.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_gimp_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_gimp_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_gimp_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-03-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2426.nasl - Type : ACT_GATHER_INFO |
2011-06-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7397.nasl - Type : ACT_GATHER_INFO |
2011-06-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7393.nasl - Type : ACT_GATHER_INFO |
2011-06-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0837.nasl - Type : ACT_GATHER_INFO |
2011-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0839.nasl - Type : ACT_GATHER_INFO |
2011-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0838.nasl - Type : ACT_GATHER_INFO |
2011-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0837.nasl - Type : ACT_GATHER_INFO |
2011-05-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7371.nasl - Type : ACT_GATHER_INFO |
2011-05-31 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-103.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gimp-110217.nasl - Type : ACT_GATHER_INFO |
2011-04-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1109-1.nasl - Type : ACT_GATHER_INFO |
2011-03-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-7374.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gimp-110307.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:54:45 |