Vulnerabilities > CVE-2007-3741 - Unspecified vulnerability in GNU Gimp

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

gnu

nessus

NVD

Published: 2007-08-27

Updated: 2023-02-13

Summary

The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.

Vulnerable Configurations

Part	Description	Count
OS	Mandriva Mandriva Linux *	1
Application	Gnu GNU Gimp *	1

Nessus

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2007-0513.NASL
description	From Red Hat Security Advisory 2007:0513 : Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP
last seen	2020-06-01
modified	2020-06-02
plugin id	67527
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67527
title	Oracle Linux 3 / 4 / 5 : gimp (ELSA-2007-0513)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2007-0513.NASL
description	Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP
last seen	2020-06-01
modified	2020-06-02
plugin id	26203
published	2007-10-03
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/26203
title	CentOS 3 / 4 / 5 : gimp (CESA-2007:0513)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2007-170.NASL
description	Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. (CVE-2006-4519) Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. (CVE-2007-2949) Victor Stinner has discovered several flaws in file plug-ins using his fuzzyfier tool fusil. Several modified image files cause the plug-ins to crash or consume excessive amounts of memory due to insufficient input validation. Affected plug-ins: bmp, pcx, psd, psp (*.tub). (CVE-2007-3741) Updated packages have been patched to prevent these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	25947
published	2007-08-28
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/25947
title	Mandrake Linux Security Advisory : gimp (MDKSA-2007:170)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2007-0513.NASL
description	Updated gimp packages that fix several security issues are now available for Red Hat Enterprise Linux. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow and input validation flaws were found in The GIMP
last seen	2020-06-01
modified	2020-06-02
plugin id	26189
published	2007-09-26
reporter	This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/26189
title	RHEL 2.1 / 3 / 4 / 5 : gimp (RHSA-2007:0513)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20070926_GIMP_ON_SL5_X.NASL
description	Multiple integer overflow and input validation flaws were found in The GIMP
last seen	2020-06-01
modified	2020-06-02
plugin id	60256
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60256
title	Scientific Linux Security Update : gimp on SL5.x, SL4.x, SL3.x i386/x86_64

Oval

accepted

2013-04-29T04:01:37.390-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10099

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	248053
title	CVE-2007-3741 Gimp image loader multiple input validation flaws

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment gimp-devel is earlier than 1:2.0.5-7.0.7.el4
oval oval:com.redhat.rhsa:tst:20070513001
comment gimp-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060598004
AND
comment gimp is earlier than 1:2.0.5-7.0.7.el4
oval oval:com.redhat.rhsa:tst:20070513003
comment gimp is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060598002

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment gimp-devel is earlier than 2:2.2.13-2.0.7.el5
oval oval:com.redhat.rhsa:tst:20070513006
comment gimp-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070343007
AND
comment gimp-libs is earlier than 2:2.2.13-2.0.7.el5
oval oval:com.redhat.rhsa:tst:20070513008
comment gimp-libs is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070343009
AND
comment gimp is earlier than 2:2.2.13-2.0.7.el5
oval oval:com.redhat.rhsa:tst:20070513010
comment gimp is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070343011

rhsa

id	RHSA-2007:0513
released	2008-01-07
severity	Moderate
title	RHSA-2007:0513: gimp security update (Moderate)

rpms

gimp-1:1.2.1-7.8.el2_1
gimp-1:1.2.3-20.9.el3
gimp-1:2.0.5-7.0.7.el4
gimp-2:2.2.13-2.0.7.el5
gimp-debuginfo-1:2.0.5-7.0.7.el4
gimp-debuginfo-2:2.2.13-2.0.7.el5
gimp-devel-1:1.2.1-7.8.el2_1
gimp-devel-1:1.2.3-20.9.el3
gimp-devel-1:2.0.5-7.0.7.el4
gimp-devel-2:2.2.13-2.0.7.el5
gimp-libs-2:2.2.13-2.0.7.el5
gimp-perl-1:1.2.1-7.8.el2_1
gimp-perl-1:1.2.3-20.9.el3

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References