Vulnerabilities > CVE-2009-1570 - Integer Overflow or Wraparound vulnerability in Gimp 2.6.7

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, gimp, CWE-190, critical, nessus

Summary

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.

Vulnerable Configurations

Part          Description   Count
Application   Gimp          1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable out of its valid range. The variable is often used as a size or offset, such as the size of a memory allocation. The attacker typically controls the value of that variable and tries to push it out of range: for instance, if the integer is incremented past its maximum possible value, it may wrap around to a very small or negative number, producing an incorrect value that leads to unexpected behavior. At worst, the attacker can execute arbitrary code.
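The wraparound the CAPEC entry describes, in the shape this CVE takes (a pixel buffer sized from width and height read out of the file), as an added C example that is not GIMP's code: a naive 32-bit size computation beside a checked one that rejects the dimensions before anything is allocated. `MAX_DIM`, the function names and the sample dimensions are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Naive size computation of the kind the CAPEC text warns about.
 * All operands are 32-bit, so the product silently wraps modulo 2^32:
 * a huge width * height can yield a tiny allocation that later pixel
 * writes overrun. Illustrative only, not the GIMP source. */
static uint32_t naive_image_bytes(uint32_t width, uint32_t height,
                                  uint32_t bytes_per_pixel)
{
    return width * height * bytes_per_pixel;
}

/* Assumed sanity limit for one dimension; not a GIMP constant. */
#define MAX_DIM 65536u

/* Hardened variant: reject zero or oversized dimensions, then check each
 * multiplication against SIZE_MAX before performing it. Returns 0 and
 * fills *out on success, -1 when the size is invalid or would wrap. */
static int checked_image_bytes(uint32_t width, uint32_t height,
                               uint32_t bytes_per_pixel, size_t *out)
{
    if (width == 0 || height == 0 || bytes_per_pixel == 0) return -1;
    if (width > MAX_DIM || height > MAX_DIM) return -1;
    if ((size_t)height > SIZE_MAX / width) return -1;      /* width*height would wrap */
    size_t pixels = (size_t)width * height;
    if ((size_t)bytes_per_pixel > SIZE_MAX / pixels) return -1; /* *bpp would wrap */
    *out = pixels * bytes_per_pixel;
    return 0;
}

/* Allocate the pixel buffer only after the size has been validated;
 * NULL means the header was rejected, which a reader should treat as a
 * parse error rather than as an empty image. */
static unsigned char *alloc_pixels(uint32_t width, uint32_t height,
                                   uint32_t bytes_per_pixel)
{
    size_t n;
    if (checked_image_bytes(width, height, bytes_per_pixel, &n) != 0) return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed header values: 0x40000001 * 4 = 2^32 + 4, which wraps to 4. */
    uint32_t w = 0x40000001u, h = 4u, bpp = 1u;
    size_t n = 0;
    printf("naive size   : %u bytes (wrapped)\n", naive_image_bytes(w, h, bpp));
    printf("checked size : %s\n",
           checked_image_bytes(w, h, bpp, &n) == 0 ? "accepted" : "rejected");
    unsigned char *px = alloc_pixels(640u, 480u, 3u);
    printf("640x480x3    : %s\n", px ? "allocated" : "rejected");
    free(px);
    return 0;
}
```

The point of the checked version is that the comparison happens before the multiplication, so no intermediate value ever wraps; the dimension cap additionally keeps a parser from honouring absurd headers even on 64-bit builds where `size_t` would not overflow.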

Nessus

  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_143511-01.NASL
    description: GNOME 2.6.0_x86: GIMP patch. Date this patch was last updated by Sun : Jan/08/10
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 108041
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/108041
    title: Solaris 10 (x86) : 143511-01
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(108041);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:26");
    
      script_cve_id("CVE-2009-1570");
    
      script_name(english:"Solaris 10 (x86) : 143511-01");
      script_summary(english:"Check for patch 143511-01");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 143511-01"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "GNOME 2.6.0_x86: GIMP patch.
    Date this patch was last updated by Sun : Jan/08/10"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://download.oracle.com/sunalerts/1021722.1.html"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 143511-01");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:143511");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"143511-01", obsoleted_by:"122213-46 ", package:"SUNWgnome-img-editor", version:"2.6.0,REV=10.0.3.2004.12.16.18.25") < 0) flag++;
    
    if (flag) {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWgnome-img-editor");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201209-23.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201209-23 (GIMP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62379
    published: 2012-09-29
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62379
    title: GLSA-201209-23 : GIMP: Multiple vulnerabilities
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2011-0838.NASL
    description: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67082
    published: 2013-06-29
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67082
    title: CentOS 5 : gimp (CESA-2011:0838)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_2_GIMP-100318.NASL
    description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45537
    published: 2010-04-15
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/45537
    title: openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_GIMP-100318.NASL
    description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 50910
    published: 2010-12-02
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/50910
    title: SuSE 11 Security Update : gimp (SAT Patch Number 2155)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2011-0838.NASL
    description: From Red Hat Security Advisory 2011:0838 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68279
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68279
    title: Oracle Linux 5 : gimp (ELSA-2011-0838)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_143510-01.NASL
    description: GNOME 2.6.0: GIMP patch. Date this patch was last updated by Sun : Jan/08/10
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107546
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107546
    title: Solaris 10 (sparc) : 143510-01
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2011-0837.NASL
    description: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 54926
    published: 2011-06-01
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/54926
    title: RHEL 4 : gimp (RHSA-2011:0837)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-296.NASL
    description: A vulnerability was discovered and corrected in gimp : Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow (CVE-2009-1570). This update provides a solution to this vulnerability. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43144
    published: 2009-12-14
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/43144
    title: Mandriva Linux Security Advisory : gimp (MDVSA-2009:296-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-880-1.NASL
    description: Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43825
    published: 2010-01-08
    reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43825
    title: Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : gimp vulnerabilities (USN-880-1)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20110531_GIMP_ON_SL4_X.NASL
    description: The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61056
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61056
    title: Scientific Linux Security Update : gimp on SL4.x i386/x86_64
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2011-0838.NASL
    description: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 54927
    published: 2011-06-01
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/54927
    title: RHEL 5 : gimp (RHSA-2011:0838)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GIMP-6882.NASL
    description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51747
    published: 2011-01-27
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51747
    title: SuSE 10 Security Update : gimp (ZYPP Patch Number 6882)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GIMP-6880.NASL
    description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51746
    published: 2011-01-27
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51746
    title: SuSE 10 Security Update : gimp (ZYPP Patch Number 6880)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_GIMP-100318.NASL
    description: Integer overflows in the BMP plug-in potentially allowed attackers to execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45532
    published: 2010-04-15
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/45532
    title: openSUSE Security Update : gimp (openSUSE-SU-2010:0110-1)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20110531_GIMP_ON_SL5_X.NASL
    description: The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61057
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61057
    title: Scientific Linux Security Update : gimp on SL5.x i386/x86_64
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2011-0837.NASL
    description: From Red Hat Security Advisory 2011:0837 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68278
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68278
    title: Oracle Linux 4 : gimp (ELSA-2011-0837)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2011-0837.NASL
    description: Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 54936
    published: 2011-06-02
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/54936
    title: CentOS 4 : gimp (CESA-2011:0837)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-332.NASL
    description: A vulnerability was discovered and corrected in gimp : Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow (CVE-2009-3909). Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was incomplete, this update corrects this as well. This update provides a solution to this vulnerability. Update : Packages for 2009.0 are provided due to the Extended Maintenance Program.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46175
    published: 2010-04-29
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/46175
    title: Mandriva Linux Security Advisory : gimp (MDVSA-2009:332-1)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2009-345-01.NASL
    description: New gimp packages are available for Slackware 12.1, 12.2, 13.0, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43112
    published: 2009-12-14
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/43112
    title: Slackware 12.1 / 12.2 / 13.0 / current : gimp (SSA:2009-345-01)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_GIMP-100318.NASL
    description: Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 45535
    published: 2010-04-15
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/45535
    title: openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)

Oval

accepted: 2010-03-01T04:00:17.105-05:00
class: vulnerability
contributors
  name: Pai Peng
  organization: Hewlett-Packard
definition_extensions
  • comment: Solaris 10 (SPARC) is installed
    oval: oval:org.mitre.oval:def:1440
  • comment: Solaris 10 (x86) is installed
    oval: oval:org.mitre.oval:def:1926
description: Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
family: unix
id: oval:org.mitre.oval:def:8290
status: accepted
submitted: 2010-01-19T17:52:34.000-05:00
title: An Integer Overflow Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code
version: 35

Redhat

advisories
  • rhsa id: RHSA-2011:0837
  • rhsa id: RHSA-2011:0838
rpms
  • gimp-1:2.0.5-7.0.7.el4.1
  • gimp-debuginfo-1:2.0.5-7.0.7.el4.1
  • gimp-devel-1:2.0.5-7.0.7.el4.1
  • gimp-2:2.2.13-2.0.7.el5_6.2
  • gimp-debuginfo-2:2.2.13-2.0.7.el5_6.2
  • gimp-devel-2:2.2.13-2.0.7.el5_6.2
  • gimp-libs-2:2.2.13-2.0.7.el5_6.2

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 37006 CVE ID: CVE-2009-1570 GIMP, short for GNU Image Manipulation Program, is a cross-platform image editing application. The ReadImage() function in GIMP's plug-ins/file-bmp/bmp-read.c contains an integer overflow vulnerability that can ultimately lead to a heap overflow. If a user is tricked into opening a specially crafted BMP file, the overflow may be triggered, leading to execution of arbitrary code. GIMP 2.6.7 Vendor patch: GIMP ---- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://git.gnome.org/cgit/gimp/commit/?id=e3afc99b2fa7aeddf0dba4778663160a5bc682d3
id: SSV:12629
last seen: 2017-11-19
modified: 2009-11-13
published: 2009-11-13
reporter: Root
title: GIMP BMP Image Parsing Integer Overflow Vulnerability