CVE-2009-3909 - Integer Overflow or Wraparound vulnerability in Gimp 2.6.7
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow: This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker typically controls the value of the variable and tries to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201209-23.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201209-23 (GIMP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 62379 |
published | 2012-09-29 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/62379 |
title | GLSA-201209-23 : GIMP: Multiple vulnerabilities |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2012-1181.NASL |
description | From Red Hat Security Advisory 2012:1181 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68601 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68601 |
title | Oracle Linux 5 : gimp (ELSA-2012-1181) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_2_GIMP-100318.NASL |
description | Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45537 |
published | 2010-04-15 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45537 |
title | openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_GIMP-100318.NASL |
description | Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 50910 |
published | 2010-12-02 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/50910 |
title | SuSE 11 Security Update : gimp (SAT Patch Number 2155) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2012-1181.NASL |
description | Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61604 |
published | 2012-08-21 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61604 |
title | RHEL 5 : gimp (RHSA-2012:1181) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1941.NASL |
description | Several integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document. An update for the old stable distribution (etch) will be issued soon as version 0.4.5-5.1etch4. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44806 |
published | 2010-02-24 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/44806 |
title | Debian DSA-1941-1 : poppler - several vulnerabilities |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-880-1.NASL |
description | Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 43825 |
published | 2010-01-08 |
reporter | Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/43825 |
title | Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : gimp vulnerabilities (USN-880-1) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2012-1181.NASL |
description | Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61600 |
published | 2012-08-21 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61600 |
title | CentOS 5 : gimp (CESA-2012:1181) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_GIMP-6882.NASL |
description | Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 51747 |
published | 2011-01-27 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/51747 |
title | SuSE 10 Security Update : gimp (ZYPP Patch Number 6882) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_GIMP-6880.NASL |
description | Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 51746 |
published | 2011-01-27 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/51746 |
title | SuSE 10 Security Update : gimp (ZYPP Patch Number 6880) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_GIMP-100318.NASL |
description | Integer overflows in the BMP plug-in potentially allowed attackers to execute arbitrary code on the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45532 |
published | 2010-04-15 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45532 |
title | openSUSE Security Update : gimp (openSUSE-SU-2010:0110-1) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20120820_GIMP_ON_SL5_X.NASL |
description | The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP |
last seen | 2020-03-18 |
modified | 2012-08-21 |
plugin id | 61605 |
published | 2012-08-21 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61605 |
title | Scientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2009-332.NASL |
description | A vulnerability was discovered and corrected in gimp : Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow (CVE-2009-3909). Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was incomplete, this update corrects this as well. This update provides a solution to this vulnerability. Update : Packages for 2009.0 are provided due to the Extended Maintenance Program. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46175 |
published | 2010-04-29 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46175 |
title | Mandriva Linux Security Advisory : gimp (MDVSA-2009:332-1) |

NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2009-345-01.NASL |
description | New gimp packages are available for Slackware 12.1, 12.2, 13.0, and -current to fix security issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 43112 |
published | 2009-12-14 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/43112 |
title | Slackware 12.1 / 12.2 / 13.0 / current : gimp (SSA:2009-345-01) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_1_GIMP-100318.NASL |
description | Integer overflows in the BMP and PSD plug-ins potentially allowed attackers to execute arbitrary code on the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45535 |
published | 2010-04-15 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45535 |
title | openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1) |
Seebug
bulletinFamily | exploit |
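description | BUGTRAQ ID: 37040 CVE(CAN) ID: CVE-2009-3909 GIMP is short for GNU Image Manipulation Program, a cross-platform image-processing application. The read_channel_data() function in GIMP's plug-ins/file-psd/psd-load.c contains an integer overflow that can ultimately lead to a heap overflow; a user who is tricked into opening a malicious PSD file can trigger the overflow, resulting in arbitrary code execution. GIMP 2.6.7 Vendor patch: GIMP ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://git.gnome.org/cgit/gimp/commit/?id=0e440cb6d4d6ee029667363d244aff61b154c33c http://git.gnome.org/cgit/gimp/commit/?id=9cc8d78ff33b7a36852b74e64b427489cad44d0e |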
id | SSV:14960 |
last seen | 2017-11-19 |
modified | 2009-11-23 |
published | 2009-11-23 |
reporter | Root |
title | GIMP PSD image parsing integer overflow vulnerability |
References
- http://secunia.com/secunia_research/2009-43/
- http://secunia.com/advisories/37348
- http://git.gnome.org/cgit/gimp/commit/?id=0e440cb6d4d6ee029667363d244aff61b154c33c
- http://git.gnome.org/cgit/gimp/commit/?id=9cc8d78ff33b7a36852b74e64b427489cad44d0e
- http://www.vupen.com/english/advisories/2009/3270
- https://bugzilla.gnome.org/show_bug.cgi?id=600741
- http://www.securityfocus.com/bid/37040
- http://osvdb.org/60178
- http://www.debian.org/security/2009/dsa-1941
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:332
- http://www.vupen.com/english/advisories/2010/1021
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2012-1181.html
- http://secunia.com/advisories/50737
- http://security.gentoo.org/glsa/glsa-201209-23.xml
- http://www.securityfocus.com/archive/1/507928/100/0/threaded