USN-880-1

Executive Summary

Summary
Title	GIMP vulnerabilities

Informations
Name	USN-880-1	First vendor Publication	2010-01-07
Vendor	Ubuntu	Last vendor Modification	2010-01-07
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
gimp 2.4.5-1ubuntu2.1

Ubuntu 8.10:
gimp 2.6.1-1ubuntu3.1

Ubuntu 9.04:
gimp 2.6.6-0ubuntu1.1

Ubuntu 9.10:
gimp 2.6.7-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Stefan Cornelius discovered that GIMP did not correctly handle certain
malformed BMP files. If a user were tricked into opening a specially
crafted BMP file, an attacker could execute arbitrary code with the user's
privileges. (CVE-2009-1570)

Stefan Cornelius discovered that GIMP did not correctly handle certain
malformed PSD files. If a user were tricked into opening a specially
crafted PSD file, an attacker could execute arbitrary code with the user's
privileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10.
(CVE-2009-3909)

Original Source

Url : http://www.ubuntu.com/usn/USN-880-1

CWE : Common Weakness Enumeration

id	Name
CWE-189	Numeric Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8290

Oval ID:	oval:org.mitre.oval:def:8290
Title:	An Integer Overflow Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code
Description:	Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1570	Version:	1
Platform(s):	Sun Solaris 10	Product(s):
Definition Synopsis:
Solaris 10 (SPARC) meets Sun Alert 274390 Solaris 10 (SPARC) is installed AND NOT Patch 143510-01 or later installed OR Solaris 10 (x86) meets Sun Alert 274390 Solaris 10 (x86) is installed AND NOT Patch 143511-01 or later installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gimp Gimp cpe:/a:gimp:gimp:2.6.7	1

Open Source Vulnerability Database (OSVDB)

id	Description
60178	GIMP plug-ins/file-psd/psd-load.c read_channel_data() Function PSD Image Hand...
59930	GIMP plug-ins/file-bmp/bmp-read.c ReadImage() Function Overflow