Executive Summary
Summary | |
---|---|
Title | gimp security update |
Information | |||
---|---|---|---|
Name | RHSA-2011:0838 | First vendor Publication | 2011-05-31 |
Vendor | RedHat | Last vendor Modification | 2011-05-31 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Problem Description:

Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer eXchange (PCX) image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro (PSP) image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

Red Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting the CVE-2009-1570 flaw.

Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

537356 - CVE-2009-1570 Gimp: Integer overflow in the BMP image file plugin
666793 - CVE-2010-4540 Gimp: Stack-based buffer overflow in Lighting plug-in
689831 - CVE-2011-1178 Gimp: Integer overflow in the PCX image file plug-in
703403 - CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in
703405 - CVE-2010-4542 Gimp: Stack-based buffer overflow in Gfig plug-in
703407 - CVE-2010-4543 Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2011-0838.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
33 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13772 | |||
Oval ID: | oval:org.mitre.oval:def:13772 | ||
Title: | USN-1109-1 -- gimp vulnerabilities | ||
Description: | It was discovered that GIMP incorrectly handled malformed data in certain plugin configuration files. If a user were tricked into opening a specially crafted plugin configuration file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. It was discovered that GIMP incorrectly handled malformed PSP image files. If a user were tricked into opening a specially crafted PSP image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1109-1 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:21710 | |||
Oval ID: | oval:org.mitre.oval:def:21710 | ||
Title: | RHSA-2011:0838: gimp security update (Moderate) | ||
Description: | Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0838-01 CESA-2011:0838 CVE-2009-1570 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-1178 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:21949 | |||
Oval ID: | oval:org.mitre.oval:def:21949 | ||
Title: | RHSA-2011:0839: gimp security update (Moderate) | ||
Description: | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0839-01 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:23268 | |||
Oval ID: | oval:org.mitre.oval:def:23268 | ||
Title: | ELSA-2011:0838: gimp security update (Moderate) | ||
Description: | Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0838-01 CVE-2009-1570 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-1178 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:23689 | |||
Oval ID: | oval:org.mitre.oval:def:23689 | ||
Title: | ELSA-2011:0839: gimp security update (Moderate) | ||
Description: | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0839-01 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 21 |
Platform(s): | Oracle Linux 6 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:27488 | |||
Oval ID: | oval:org.mitre.oval:def:27488 | ||
Title: | DEPRECATED: ELSA-2011-0839 -- gimp security update (moderate) | ||
Description: | [2:2.6.9-4.1] - fix various overflows (#666793, #703403, #703405, #703407, #704512) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0839 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:27965 | |||
Oval ID: | oval:org.mitre.oval:def:27965 | ||
Title: | DEPRECATED: ELSA-2011-0838 -- gimp security update (moderate) | ||
Description: | [2:2.2.13-2.0.7.2] - fix various overflows (#537356, #666793, #689831, #703403, #703405, #703407, - unfuzz gimphelpmissing, icontheme patches | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0838 CVE-2009-1570 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2011-1178 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | gimp |
Definition Id: oval:org.mitre.oval:def:8290 | |||
Oval ID: | oval:org.mitre.oval:def:8290 | ||
Title: | An Integer Overflow Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code | ||
Description: | Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1570 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-23 (gimp) File : nvt/glsa_201209_23.nasl |
2012-07-30 | Name : CentOS Update for gimp CESA-2011:0837 centos4 x86_64 File : nvt/gb_CESA-2011_0837_gimp_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for gimp CESA-2011:0838 centos5 x86_64 File : nvt/gb_CESA-2011_0838_gimp_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for gimp RHSA-2011:0839-01 File : nvt/gb_RHSA-2011_0839-01_gimp.nasl |
2012-03-12 | Name : Debian Security Advisory DSA 2426-1 (gimp) File : nvt/deb_2426_1.nasl |
2011-08-27 | Name : Fedora Update for gimp FEDORA-2011-10782 File : nvt/gb_fedora_2011_10782_gimp_fc14.nasl |
2011-08-24 | Name : Fedora Update for gimp FEDORA-2011-10788 File : nvt/gb_fedora_2011_10788_gimp_fc15.nasl |
2011-08-09 | Name : CentOS Update for gimp CESA-2011:0838 centos5 i386 File : nvt/gb_CESA-2011_0838_gimp_centos5_i386.nasl |
2011-06-24 | Name : Mandriva Update for gimp MDVSA-2011:110 (gimp) File : nvt/gb_mandriva_MDVSA_2011_110.nasl |
2011-06-10 | Name : Fedora Update for gimp FEDORA-2011-7393 File : nvt/gb_fedora_2011_7393_gimp_fc14.nasl |
2011-06-10 | Name : Fedora Update for gimp FEDORA-2011-7397 File : nvt/gb_fedora_2011_7397_gimp_fc13.nasl |
2011-06-06 | Name : RedHat Update for gimp RHSA-2011:0837-01 File : nvt/gb_RHSA-2011_0837-01_gimp.nasl |
2011-06-06 | Name : RedHat Update for gimp RHSA-2011:0838-01 File : nvt/gb_RHSA-2011_0838-01_gimp.nasl |
2011-06-06 | Name : CentOS Update for gimp CESA-2011:0837 centos4 i386 File : nvt/gb_CESA-2011_0837_gimp_centos4_i386.nasl |
2011-06-03 | Name : Mandriva Update for gimp MDVSA-2011:103 (gimp) File : nvt/gb_mandriva_MDVSA_2011_103.nasl |
2011-04-19 | Name : Ubuntu Update for gimp vulnerabilities USN-1109-1 File : nvt/gb_ubuntu_USN_1109_1.nasl |
2010-04-30 | Name : Mandriva Update for gimp MDVSA-2009:332-1 (gimp) File : nvt/gb_mandriva_MDVSA_2009_332_1.nasl |
2010-02-03 | Name : Solaris Update for GNOME 2.6.0 143510-01 File : nvt/gb_solaris_143510_01.nasl |
2010-02-03 | Name : Solaris Update for GIMP 143511-01 File : nvt/gb_solaris_143511_01.nasl |
2010-01-15 | Name : Ubuntu Update for gimp vulnerabilities USN-880-1 File : nvt/gb_ubuntu_USN_880_1.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:296-1 (gimp) File : nvt/mdksa_2009_296_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-345-01 gimp File : nvt/esoft_slk_ssa_2009_345_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72753 | GIMP Personal Computer Exchange Plugin file-pcx.c load_image Function Crafted... |
70284 | GIMP plug-ins/common/file-psp.c read_channel_data() Function Overflow GIMP is prone to an overflow condition. The 'read_channel_data()' function in 'plug-ins/common/file-psp.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted PSP file, a context-dependent attacker can potentially execute arbitrary code. |
70283 | GIMP plug-ins/gfig/gfig-style.c gfig_read_parameter_gimp_rgb() Function Overflow GIMP is prone to an overflow condition. The 'gfig_read_parameter_gimp_rgb()' function in 'plug-ins/gfig/gfig-style.c' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted GFIG or XCF file, a context-dependent attacker can potentially execute arbitrary code. |
70282 | GIMP plug-ins/lighting/lighting-ui.c load_preset_response() Function Overflow GIMP is prone to an overflow condition. The 'load_preset_response()' function in 'plug-ins/lighting/lighting-ui.c' in the 'Lighting Effects' plugin fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted file for the plugin, a context-dependent attacker can potentially execute arbitrary code. |
70281 | GIMP plug-ins/common/sphere-designer.c loadit() Function Overflow GIMP is prone to an overflow condition. The 'loadit()' function in 'plug-ins/common/sphere-designer.c' of the 'Sphere Designer' plugin fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted file for the plugin, a context-dependent attacker can potentially execute arbitrary code. |
59930 | GIMP plug-ins/file-bmp/bmp-read.c ReadImage() Function Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_gimp-110531.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gimp-110531.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gimp-110217.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0839.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0838.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0837.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0838.nasl - Type : ACT_GATHER_INFO |
2012-09-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-23.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_gimp_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_gimp_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110531_gimp_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-03-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2426.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-7543.nasl - Type : ACT_GATHER_INFO |
2011-06-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-110.nasl - Type : ACT_GATHER_INFO |
2011-06-09 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7397.nasl - Type : ACT_GATHER_INFO |
2011-06-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7393.nasl - Type : ACT_GATHER_INFO |
2011-06-07 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gimp-110531.nasl - Type : ACT_GATHER_INFO |
2011-06-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0837.nasl - Type : ACT_GATHER_INFO |
2011-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0837.nasl - Type : ACT_GATHER_INFO |
2011-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0838.nasl - Type : ACT_GATHER_INFO |
2011-06-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0839.nasl - Type : ACT_GATHER_INFO |
2011-05-31 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-103.nasl - Type : ACT_GATHER_INFO |
2011-05-31 | Name : The remote Fedora host is missing a security update. File : fedora_2011-7371.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gimp-110217.nasl - Type : ACT_GATHER_INFO |
2011-04-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1109-1.nasl - Type : ACT_GATHER_INFO |
2011-03-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-7374.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gimp-110307.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-6880.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gimp-6882.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gimp-100318.nasl - Type : ACT_GATHER_INFO |
2010-04-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-332.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gimp-100318.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gimp-100318.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_gimp-100318.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-880-1.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-345-01.nasl - Type : ACT_GATHER_INFO |
2009-12-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-296.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:54:45 |