Executive Summary
Summary | |
---|---|
Title | GIMP vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-1109-1 | First vendor Publication | 2011-04-13 |
Vendor | Ubuntu | Last vendor Modification | 2011-04-13 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS, Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10.

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: Ubuntu 9.10: Ubuntu 10.04 LTS: Ubuntu 10.10:

After a standard system update you need to restart GIMP to make all the necessary changes.

Details follow:

It was discovered that GIMP incorrectly handled malformed data in certain plugin configuration files. If a user were tricked into opening a specially crafted plugin configuration file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

It was discovered that GIMP incorrectly handled malformed PSP image files. If a user were tricked into opening a specially crafted PSP image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. (CVE-2010-4543)
Original Source
Url : http://www.ubuntu.com/usn/USN-1109-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13772 | |||
Oval ID: | oval:org.mitre.oval:def:13772 | ||
Title: | USN-1109-1 -- gimp vulnerabilities | ||
Description: | It was discovered that GIMP incorrectly handled malformed data in certain plugin configuration files. If a user were tricked into opening a specially crafted plugin configuration file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. It was discovered that GIMP incorrectly handled malformed PSP image files. If a user were tricked into opening a specially crafted PSP image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1109-1 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:21949 | |||
Oval ID: | oval:org.mitre.oval:def:21949 | ||
Title: | RHSA-2011:0839: gimp security update (Moderate) | ||
Description: | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0839-01 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:23689 | |||
Oval ID: | oval:org.mitre.oval:def:23689 | ||
Title: | ELSA-2011:0839: gimp security update (Moderate) | ||
Description: | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0839-01 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 21 |
Platform(s): | Oracle Linux 6 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:27488 | |||
Oval ID: | oval:org.mitre.oval:def:27488 | ||
Title: | DEPRECATED: ELSA-2011-0839 -- gimp security update (moderate) | ||
Description: | [2:2.6.9-4.1] - fix various overflows (#666793, #703403, #703405, #703407, #704512) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0839 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | gimp |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-23 (gimp) File : nvt/glsa_201209_23.nasl |
2012-07-30 | Name : CentOS Update for gimp CESA-2011:0837 centos4 x86_64 File : nvt/gb_CESA-2011_0837_gimp_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for gimp CESA-2011:0838 centos5 x86_64 File : nvt/gb_CESA-2011_0838_gimp_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for gimp RHSA-2011:0839-01 File : nvt/gb_RHSA-2011_0839-01_gimp.nasl |
2012-03-12 | Name : Debian Security Advisory DSA 2426-1 (gimp) File : nvt/deb_2426_1.nasl |
2011-08-27 | Name : Fedora Update for gimp FEDORA-2011-10782 File : nvt/gb_fedora_2011_10782_gimp_fc14.nasl |
2011-08-24 | Name : Fedora Update for gimp FEDORA-2011-10788 File : nvt/gb_fedora_2011_10788_gimp_fc15.nasl |
2011-08-09 | Name : CentOS Update for gimp CESA-2011:0838 centos5 i386 File : nvt/gb_CESA-2011_0838_gimp_centos5_i386.nasl |
2011-06-10 | Name : Fedora Update for gimp FEDORA-2011-7393 File : nvt/gb_fedora_2011_7393_gimp_fc14.nasl |
2011-06-10 | Name : Fedora Update for gimp FEDORA-2011-7397 File : nvt/gb_fedora_2011_7397_gimp_fc13.nasl |
2011-06-06 | Name : CentOS Update for gimp CESA-2011:0837 centos4 i386 File : nvt/gb_CESA-2011_0837_gimp_centos4_i386.nasl |
2011-06-06 | Name : RedHat Update for gimp RHSA-2011:0837-01 File : nvt/gb_RHSA-2011_0837-01_gimp.nasl |
2011-06-06 | Name : RedHat Update for gimp RHSA-2011:0838-01 File : nvt/gb_RHSA-2011_0838-01_gimp.nasl |
2011-06-03 | Name : Mandriva Update for gimp MDVSA-2011:103 (gimp) File : nvt/gb_mandriva_MDVSA_2011_103.nasl |
2011-04-19 | Name : Ubuntu Update for gimp vulnerabilities USN-1109-1 File : nvt/gb_ubuntu_USN_1109_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70284 | GIMP plug-ins/common/file-psp.c read_channel_data() Function Overflow GIMP is prone to an overflow condition. The 'read_channel_data()' function in 'plug-ins/common/file-psp.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted PSP file, a context-dependent attacker can potentially execute arbitrary code. |
70283 | GIMP plug-ins/gfig/gfig-style.c gfig_read_parameter_gimp_rgb() Function Overflow GIMP is prone to an overflow condition. The 'gfig_read_parameter_gimp_rgb()' function in 'plug-ins/gfig/gfig-style.c' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted GFIG or XCF file, a context-dependent attacker can potentially execute arbitrary code. |
70282 | GIMP plug-ins/lighting/lighting-ui.c load_preset_response() Function Overflow GIMP is prone to an overflow condition. The 'load_preset_response()' function in 'plug-ins/lighting/lighting-ui.c' in the 'Lighting Effects' plugin fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted file for the plugin, a context-dependent attacker can potentially execute arbitrary code. |
70281 | GIMP plug-ins/common/sphere-designer.c loadit() Function Overflow GIMP is prone to an overflow condition. The 'loadit()' function in 'plug-ins/common/sphere-designer.c' of the 'Sphere Designer' plugin fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted file for the plugin, a context-dependent attacker can potentially execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gimp-110217.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0839.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0838.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0837.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0838.nasl - Type : ACT_GATHER_INFO |
2012-09-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-23.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_gimp_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_gimp_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_gimp_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-03-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2426.nasl - Type : ACT_GATHER_INFO |
2011-06-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7397.nasl - Type : ACT_GATHER_INFO |
2011-06-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7393.nasl - Type : ACT_GATHER_INFO |
2011-06-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0837.nasl - Type : ACT_GATHER_INFO |
2011-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0839.nasl - Type : ACT_GATHER_INFO |
2011-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0838.nasl - Type : ACT_GATHER_INFO |
2011-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0837.nasl - Type : ACT_GATHER_INFO |
2011-05-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7371.nasl - Type : ACT_GATHER_INFO |
2011-05-31 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-103.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gimp-110217.nasl - Type : ACT_GATHER_INFO |
2011-04-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1109-1.nasl - Type : ACT_GATHER_INFO |
2011-03-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-7374.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gimp-110307.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:58:30 |