CVE-2009-1570 - Integer Overflow or Wraparound vulnerability in GIMP 2.6.7

CVSS v2 base metrics (vector AV:N/AC:M/Au:N/C:C/I:C/A:C, as carried by the Nessus plugin below):

Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary
Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
Common Weakness Enumeration (CWE)
- CWE-190: Integer Overflow or Wraparound (the weakness named in the page title)
Common Attack Pattern Enumeration and Classification (CAPEC)
- CAPEC-92: Forced Integer Overflow. This attack forces an integer variable out of its valid range. The integer is often used as an offset or as a size, such as the byte count passed to a memory allocator, and the attacker typically controls its value and tries to push it out of range. For instance, if the integer is incremented or multiplied past its maximum value, it may wrap to a very small or negative number, yielding a badly wrong value that leads to unexpected behaviour. At worst the attacker can execute arbitrary code. In this CVE the controlled values are the BMP width and height fields, and the wrapped product is used to size a heap buffer that the pixel data is then written into.
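The following is an added example, not code from GIMP or from this page, and it does not reproduce the exact arithmetic of the vulnerable ReadImage function. It shows the pattern the summary and the CAPEC entry describe: a BMP reader takes width, height and bits-per-pixel straight from the BITMAPINFOHEADER, multiplies them in 32-bit arithmetic to size a buffer, and a crafted 65536 x 65536 x 32bpp header makes that product wrap to 0, so the allocation is tiny while the decoder still writes the full pixel area into it. The hardened variant validates ranges, computes in 64 bits, checks the multiplication explicitly and enforces a caller-supplied cap. The BMP field offsets are the real layout; every function name and the max_bytes cap are this example's own assumptions.

```c
/* Added example (not GIMP code): crafted BMP dimensions wrapping a 32-bit
 * size computation, and a checked variant that rejects them. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BMP_FILE_HDR 14   /* "BM", file size, reserved, pixel-data offset */
#define BMP_INFO_HDR 40   /* BITMAPINFOHEADER */

typedef struct { int32_t width; int32_t height; uint16_t bpp; } bmp_info;

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr_le32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
static void wr_le16(uint8_t *p, uint16_t v) { p[0] = v; p[1] = v >> 8; }

/* Build a minimal 54-byte BMP header in memory (constructed sample input). */
void make_bmp_header(uint8_t out[BMP_FILE_HDR + BMP_INFO_HDR], int32_t w, int32_t h, uint16_t bpp) {
    memset(out, 0, BMP_FILE_HDR + BMP_INFO_HDR);
    out[0] = 'B'; out[1] = 'M';
    wr_le32(out + 10, BMP_FILE_HDR + BMP_INFO_HDR);  /* bfOffBits: pixel data follows headers */
    wr_le32(out + 14, BMP_INFO_HDR);                 /* biSize */
    wr_le32(out + 18, (uint32_t)w);                  /* biWidth  (signed) */
    wr_le32(out + 22, (uint32_t)h);                  /* biHeight (signed; negative = top-down) */
    wr_le16(out + 26, 1);                            /* biPlanes */
    wr_le16(out + 28, bpp);                          /* biBitCount */
}

/* Parse the header; returns 0 on success, -1 on malformed input. */
int bmp_parse_info(const uint8_t *buf, size_t len, bmp_info *out) {
    if (len < BMP_FILE_HDR + BMP_INFO_HDR || buf[0] != 'B' || buf[1] != 'M') return -1;
    if (rd_le32(buf + 14) != BMP_INFO_HDR) return -1;   /* other header versions not handled here */
    out->width  = (int32_t)rd_le32(buf + 18);
    out->height = (int32_t)rd_le32(buf + 22);
    out->bpp    = rd_le16(buf + 28);
    return 0;
}

/* Unchecked size computation in the style of the bug: 32-bit arithmetic and
 * no range checks, so a large width*height wraps and a buffer sized from the
 * result is far smaller than the pixel data later written into it. */
uint32_t bmp_pixel_bytes_unchecked(const bmp_info *in) {
    uint32_t w = (uint32_t)in->width, h = (uint32_t)in->height;
    uint32_t rowbytes = ((w * in->bpp + 31) / 32) * 4;   /* rows padded to 4 bytes */
    return rowbytes * h;                                  /* silently wraps */
}

/* Hardened variant: validate ranges, compute in 64 bits, detect the
 * multiplication overflow explicitly and enforce a caller-supplied cap.
 * Returns 0 and sets *out on success, -1 when the image must be rejected. */
int bmp_pixel_bytes_checked(const bmp_info *in, uint64_t max_bytes, uint64_t *out) {
    if (in->width <= 0 || in->height == 0 || in->height == INT32_MIN) return -1;
    switch (in->bpp) { case 1: case 4: case 8: case 16: case 24: case 32: break; default: return -1; }
    uint64_t w = (uint64_t)in->width;
    uint64_t h = in->height < 0 ? (uint64_t)(-(int64_t)in->height) : (uint64_t)in->height;
    uint64_t rowbytes = ((w * in->bpp + 31) / 32) * 4;   /* < 2^36, cannot overflow 64 bits */
    if (rowbytes > UINT64_MAX / h) return -1;            /* rowbytes * h would overflow */
    uint64_t total = rowbytes * h;
    if (total > max_bytes) return -1;                    /* policy cap, an assumption of this example */
    *out = total;
    return 0;
}

/* Wrappers: build a header, parse it, and report what each size routine
 * makes of it (-1 from the checked path means the image was rejected). */
uint32_t crafted_unchecked_bytes(int32_t w, int32_t h, uint16_t bpp) {
    uint8_t hdr[BMP_FILE_HDR + BMP_INFO_HDR]; bmp_info bi;
    make_bmp_header(hdr, w, h, bpp);
    if (bmp_parse_info(hdr, sizeof hdr, &bi) != 0) return UINT32_MAX;
    return bmp_pixel_bytes_unchecked(&bi);
}
long long crafted_checked_bytes(int32_t w, int32_t h, uint16_t bpp, uint64_t max_bytes) {
    uint8_t hdr[BMP_FILE_HDR + BMP_INFO_HDR]; bmp_info bi; uint64_t n;
    make_bmp_header(hdr, w, h, bpp);
    if (bmp_parse_info(hdr, sizeof hdr, &bi) != 0) return -1;
    return bmp_pixel_bytes_checked(&bi, max_bytes, &n) == 0 ? (long long)n : -1;
}

int main(void) {
    /* 65536 x 65536 x 32bpp really needs 2^34 bytes; the 32-bit product wraps to 0 */
    printf("crafted: unchecked=%u checked=%lld\n",
           (unsigned)crafted_unchecked_bytes(65536, 65536, 32),
           crafted_checked_bytes(65536, 65536, 32, 1ULL << 30));
    printf("benign : unchecked=%u checked=%lld\n",
           (unsigned)crafted_unchecked_bytes(100, 100, 24),
           crafted_checked_bytes(100, 100, 24, 1ULL << 30));
    return 0;
}
```

The division-based check (`rowbytes > UINT64_MAX / h`) is deliberately portable; on GCC and Clang `__builtin_mul_overflow` does the same job in one call. Note that a correct overflow check alone is not enough: a 16 GiB allocation that does not wrap still has to be refused by policy, which is what the cap argument stands in for.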
Nessus
NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_X86_143511-01.NASL
Description: GNOME 2.6.0_x86: GIMP patch. Date this patch was last updated by Sun : Jan/08/10
Plugin id: 108041 (published 2018-03-12; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/108041
Title: Solaris 10 (x86) : 143511-01
Code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#

include("compat.inc");

if (description)
{
  script_id(108041);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:26");

  script_cve_id("CVE-2009-1570");

  script_name(english:"Solaris 10 (x86) : 143511-01");
  script_summary(english:"Check for patch 143511-01");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 143511-01"
  );
  script_set_attribute(
    attribute:"description",
    value:
"GNOME 2.6.0_x86: GIMP patch.
Date this patch was last updated by Sun : Jan/08/10"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://download.oracle.com/sunalerts/1021722.1.html"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 143511-01");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:143511");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

# Identify the OS release and architecture from `showrev` output.
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Flag the host if the affected package is installed without patch 143511-01
# (or the patch that obsoletes it).
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"143511-01", obsoleted_by:"122213-46 ", package:"SUNWgnome-img-editor", version:"2.6.0,REV=10.0.3.2004.12.16.18.25") < 0) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : solaris_get_report()
  );
}
else
{
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWgnome-img-editor");
}
```
NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201209-23.NASL
Description: The remote host is affected by the vulnerability described in GLSA-201209-23 (GIMP: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround: There is no known workaround at this time.
Plugin id: 62379 (published 2012-09-29; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/62379
Title: GLSA-201209-23 : GIMP: Multiple vulnerabilities

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2011-0838.NASL
Description: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP…
Plugin id: 67082 (published 2013-06-29; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/67082
Title: CentOS 5 : gimp (CESA-2011:0838)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_2_GIMP-100318.NASL
Description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim…
Plugin id: 45537 (published 2010-04-15; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/45537
Title: openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_GIMP-100318.NASL
Description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim…
Plugin id: 50910 (published 2010-12-02; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/50910
Title: SuSE 11 Security Update : gimp (SAT Patch Number 2155)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2011-0838.NASL
Description: From Red Hat Security Advisory 2011:0838 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP…
Plugin id: 68279 (published 2013-07-12; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/68279
Title: Oracle Linux 5 : gimp (ELSA-2011-0838)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_143510-01.NASL
Description: GNOME 2.6.0: GIMP patch. Date this patch was last updated by Sun : Jan/08/10
Plugin id: 107546 (published 2018-03-12; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/107546
Title: Solaris 10 (sparc) : 143510-01

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2011-0837.NASL
Description: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP…
Plugin id: 54926 (published 2011-06-01; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/54926
Title: RHEL 4 : gimp (RHSA-2011:0837)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2009-296.NASL
Description: A vulnerability was discovered and corrected in gimp: Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow (CVE-2009-1570). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
Plugin id: 43144 (published 2009-12-14; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/43144
Title: Mandriva Linux Security Advisory : gimp (MDVSA-2009:296-1)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-880-1.NASL
Description: Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user…
Plugin id: 43825 (published 2010-01-08; last seen 2020-06-01; modified 2020-06-02)
Reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/43825
Title: Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : gimp vulnerabilities (USN-880-1)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20110531_GIMP_ON_SL4_X.NASL
Description: The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP…
Plugin id: 61056 (published 2012-08-01; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/61056
Title: Scientific Linux Security Update : gimp on SL4.x i386/x86_64

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2011-0838.NASL
Description: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP…
Plugin id: 54927 (published 2011-06-01; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/54927
Title: RHEL 5 : gimp (RHSA-2011:0838)

NASL family: SuSE Local Security Checks
NASL id: SUSE_GIMP-6882.NASL
Description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim…
Plugin id: 51747 (published 2011-01-27; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/51747
Title: SuSE 10 Security Update : gimp (ZYPP Patch Number 6882)

NASL family: SuSE Local Security Checks
NASL id: SUSE_GIMP-6880.NASL
Description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim…
Plugin id: 51746 (published 2011-01-27; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/51746
Title: SuSE 10 Security Update : gimp (ZYPP Patch Number 6880)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_0_GIMP-100318.NASL
Description: Integer overflows in the BMP plug-in potentially allowed attackers to execute arbitrary code on the victim…
Plugin id: 45532 (published 2010-04-15; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/45532
Title: openSUSE Security Update : gimp (openSUSE-SU-2010:0110-1)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20110531_GIMP_ON_SL5_X.NASL
Description: The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP…
Plugin id: 61057 (published 2012-08-01; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/61057
Title: Scientific Linux Security Update : gimp on SL5.x i386/x86_64

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2011-0837.NASL
Description: From Red Hat Security Advisory 2011:0837 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP…
Plugin id: 68278 (published 2013-07-12; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/68278
Title: Oracle Linux 4 : gimp (ELSA-2011-0837)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2011-0837.NASL
Description: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP…
Plugin id: 54936 (published 2011-06-02; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/54936
Title: CentOS 4 : gimp (CESA-2011:0837)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2009-332.NASL
Description: A vulnerability was discovered and corrected in gimp: Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow (CVE-2009-3909). Additionally, the patch for CVE-2009-1570 in MDVSA-2009:296 was incomplete; this update corrects that as well. This update provides a solution to this vulnerability. Update: Packages for 2009.0 are provided due to the Extended Maintenance Program.
Plugin id: 46175 (published 2010-04-29; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/46175
Title: Mandriva Linux Security Advisory : gimp (MDVSA-2009:332-1)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2009-345-01.NASL
Description: New gimp packages are available for Slackware 12.1, 12.2, 13.0, and -current to fix security issues.
Plugin id: 43112 (published 2009-12-14; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/43112
Title: Slackware 12.1 / 12.2 / 13.0 / current : gimp (SSA:2009-345-01)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_1_GIMP-100318.NASL
Description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim…
Plugin id: 45535 (published 2010-04-15; last seen 2020-06-01; modified 2020-06-02)
Reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/45535
Title: openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)
Oval
accepted: 2010-03-01T04:00:17.105-05:00
class: vulnerability
description: Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
family: unix
id: oval:org.mitre.oval:def:8290
status: accepted
submitted: 2010-01-19T17:52:34.000-05:00
title: An Integer Overflow Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code
version: 35
Seebug
bulletinFamily: exploit
description: BUGTRAQ ID: 37006. CVE ID: CVE-2009-1570. GIMP (GNU Image Manipulation Program) is a cross-platform image editing application. The ReadImage() function in GIMP's plug-ins/file-bmp/bmp-read.c contains an integer overflow that ultimately leads to a heap overflow. If a user is tricked into opening a specially crafted BMP file, the overflow can be triggered and arbitrary code executed. Affected: GIMP 2.6.7. Vendor patch: GIMP has released a fix for this security issue; obtain it from the vendor: http://git.gnome.org/cgit/gimp/commit/?id=e3afc99b2fa7aeddf0dba4778663160a5bc682d3
id: SSV:12629
last seen: 2017-11-19
modified: 2009-11-13
published: 2009-11-13
reporter: Root
title: GIMP BMP image parsing integer overflow vulnerability
References
- http://secunia.com/advisories/37232
- http://git.gnome.org/cgit/gimp/commit/?h=gimp-2-6&id=df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbe
- http://www.osvdb.org/59930
- http://www.vupen.com/english/advisories/2009/3228
- http://secunia.com/secunia_research/2009-42/
- https://bugzilla.gnome.org/show_bug.cgi?id=600484
- http://www.securityfocus.com/bid/37006
- http://www.vupen.com/english/advisories/2009/3564
- http://www.vupen.com/english/advisories/2010/1021
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
- http://www.redhat.com/support/errata/RHSA-2011-0838.html
- http://www.redhat.com/support/errata/RHSA-2011-0837.html
- http://secunia.com/advisories/50737
- http://security.gentoo.org/glsa/glsa-201209-23.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54254
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290
- http://www.securityfocus.com/archive/1/507813/100/0/threaded