Vulnerabilities > CVE-2012-3403 - Out-of-bounds Write vulnerability in Gimp

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."

Vulnerable Configurations

Part Description Count
Application
Gimp
186

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1180.NASL
    descriptionUpdated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61599
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61599
    titleCentOS 6 : gimp (CESA-2012:1180)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1180 and 
    # CentOS Errata and Security Advisory 2012:1180 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61599);
      script_version("1.9");
      script_cvs_date("Date: 2020/01/07");
    
      script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"RHSA", value:"2012:1180");
    
      script_name(english:"CentOS 6 : gimp (CESA-2012:1180)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gimp packages that fix three security issues are now available
    for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Red Hat would like to thank Matthias Weckbecker of the SUSE Security
    Team for reporting the CVE-2012-3481 issue.
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2012-August/018813.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e02ea4c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3403");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-devel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-help-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"gimp-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-devel-tools / gimp-help-browser / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-12293.NASL
    descriptionAmong other things this update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2 ================================================= Core : - Make tag matching always case-insensitive - Let the tile-cache-size default to half the physical memory GUI : - Mention that the image was exported in the close warning dialog - Make sure popup windows appear on top on OSX - Allow file opening by dropping to the OSX dock - Fix the visibility logic of the export/overwrite menu items - Remove all
    last seen2020-03-17
    modified2012-09-18
    plugin id62135
    published2012-09-18
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62135
    titleFedora 18 : gimp-2.8.2-1.fc18 (2012-12293)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-12293.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62135);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"FEDORA", value:"2012-12293");
    
      script_name(english:"Fedora 18 : gimp-2.8.2-1.fc18 (2012-12293)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Among other things this update fixes security and stability issues in
    various image format loaders. Security issues fixed include
    CVE-2012-3403 and CVE-2012-3481.
    
    Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2
    =================================================
    
    Core :
    
      - Make tag matching always case-insensitive
    
        - Let the tile-cache-size default to half the physical
          memory
    
    GUI :
    
      - Mention that the image was exported in the close warning
        dialog
    
        - Make sure popup windows appear on top on OSX
    
        - Allow file opening by dropping to the OSX dock
    
        - Fix the visibility logic of the export/overwrite menu
          items
    
        - Remove all 'Use GEGL' menu items, they only add bugs
          and zero function
    
        - Improve performance of display filters, especially
          color management
    
        - Fix the image window title to comply with the
          save/export spec and use the same image name
          everywhere, not only in the title
    
      - Fix positioning of pasted/dropped stuff to be more
        reasonable
    
    Libgimp :
    
      - Move gimpdir and thumbnails to proper locations on OSX
    
        - Implement relocation on OSX
    
        - Allow to use $(gimp_installation_dir) in config files
    
    Plug-ins :
    
      - Fix remembering of JPEG load/save defaults
    
        - Revive the page setup dialog on Windows
    
    Source and build system :
    
      - Add Windows installer infrastructure
    
        - Add infrastructure to build GIMP.app on OSX
    
    General :
    
      - Lots of bug fixes
    
        - List of translation updates
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=839020"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=847303"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/086964.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2c849e84"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gimp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC18", reference:"gimp-2.8.2-1.fc18")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GIMP-8251.NASL
    descriptionThis update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or even to potentially execute arbitrary code. (CVE-2012-3402)
    last seen2020-06-05
    modified2012-08-23
    plugin id61641
    published2012-08-23
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61641
    titleSuSE 10 Security Update : gimp (ZYPP Patch Number 8251)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61641);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-3402", "CVE-2012-3403");
    
      script_name(english:"SuSE 10 Security Update : gimp (ZYPP Patch Number 8251)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of The Gimp fixes a heap overflow that could have been
    exploited by attackers to cause a Denial of Service (application
    crash) or even to potentially execute arbitrary code. (CVE-2012-3402)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3402.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3403.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8251.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"gimp-2.2.10-22.44.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"gimp-devel-2.2.10-22.44.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120820_GIMP_ON_SL6_X.NASL
    descriptionThe GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-03-18
    modified2012-08-21
    plugin id61606
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61606
    titleScientific Linux Security Update : gimp on SL6.x i386/x86_64 (20120820)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61606);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");
    
      script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481");
    
      script_name(english:"Scientific Linux Security Update : gimp on SL6.x i386/x86_64 (20120820)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1208&L=scientific-linux-errata&T=0&P=1717
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a5b34bf3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-devel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-help-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"gimp-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-devel-tools / gimp-help-browser / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1181.NASL
    descriptionFrom Red Hat Security Advisory 2012:1181 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id68601
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68601
    titleOracle Linux 5 : gimp (ELSA-2012-1181)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:1181 and 
    # Oracle Linux Security Advisory ELSA-2012-1181 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68601);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/30 10:58:17");
    
      script_cve_id("CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"RHSA", value:"2012:1181");
    
      script_name(english:"Oracle Linux 5 : gimp (ELSA-2012-1181)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:1181 :
    
    Updated gimp packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in the GIMP's Adobe Photoshop (PSD) image file
    plug-in. An attacker could create a specially crafted PSD image file
    that, when opened, could cause the PSD plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2009-3909, CVE-2012-3402)
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Red Hat would like to thank Secunia Research for reporting
    CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for
    reporting CVE-2012-3481.
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-August/002985.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++;
    if (rpm_check(release:"EL5", reference:"gimp-devel-2.2.13-2.0.7.el5_8.5")) flag++;
    if (rpm_check(release:"EL5", reference:"gimp-libs-2.2.13-2.0.7.el5_8.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-libs");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2813.NASL
    descriptionMurray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code.
    last seen2020-03-17
    modified2013-12-10
    plugin id71276
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71276
    titleDebian DSA-2813-1 : gimp - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2813. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71276);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-1913", "CVE-2013-1978");
      script_bugtraq_id(64098, 64105);
      script_xref(name:"DSA", value:"2813");
    
      script_name(english:"Debian DSA-2813-1 : gimp - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Murray McAllister discovered multiple integer and buffer overflows in
    the XWD plugin in Gimp, which can result in the execution of arbitrary
    code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-3403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-3481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-5576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/gimp"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/gimp"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2813"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the gimp packages.
    
    For the oldstable distribution (squeeze), these problems have been
    fixed in version 2.6.10-1+squeeze4. This update also fixes
    CVE-2012-3403, CVE-2012-3481 and CVE-2012-5576.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 2.8.2-2+deb7u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"gimp", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"gimp-data", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"gimp-dbg", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libgimp2.0", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libgimp2.0-dev", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libgimp2.0-doc", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"7.0", prefix:"gimp", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"gimp-data", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"gimp-dbg", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libgimp2.0", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libgimp2.0-dev", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libgimp2.0-doc", reference:"2.8.2-2+deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1181.NASL
    descriptionUpdated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61604
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61604
    titleRHEL 5 : gimp (RHSA-2012:1181)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1181. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61604);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/24 15:35:36");
    
      script_cve_id("CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"RHSA", value:"2012:1181");
    
      script_name(english:"RHEL 5 : gimp (RHSA-2012:1181)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gimp packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in the GIMP's Adobe Photoshop (PSD) image file
    plug-in. An attacker could create a specially crafted PSD image file
    that, when opened, could cause the PSD plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2009-3909, CVE-2012-3402)
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Red Hat would like to thank Secunia Research for reporting
    CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for
    reporting CVE-2012-3481.
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:1181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-2896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3909"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:1181";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"gimp-debuginfo-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"gimp-devel-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"gimp-libs-2.2.13-2.0.7.el5_8.5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-debuginfo / gimp-devel / gimp-libs");
      }
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-082.NASL
    descriptionUpdated gimp packages fix security vulnerabilities : An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id66096
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66096
    titleMandriva Linux Security Advisory : gimp (MDVSA-2013:082)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:082. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66096);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2012-3236", "CVE-2012-3403", "CVE-2012-3481", "CVE-2012-5576");
      script_bugtraq_id(54246, 55101, 56647);
      script_xref(name:"MDVSA", value:"2013:082");
      script_xref(name:"MGASA", value:"2012-0236");
      script_xref(name:"MGASA", value:"2012-0286");
      script_xref(name:"MGASA", value:"2012-0360");
    
      script_name(english:"Mandriva Linux Security Advisory : gimp (MDVSA-2013:082)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gimp packages fix security vulnerabilities :
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP (CVE-2012-3481).
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP (CVE-2012-3403).
    
    fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a
    denial of service (NULL pointer dereference and application crash) via
    a malformed XTENSION header of a .fit file, as demonstrated using a
    long string. (CVE-2012-3236)
    
    GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading
    XWD files, which could lead even to arbitrary code execution
    (CVE-2012-5576).
    
    Additionally it fixes partial translations in several languages.
    
    This gimp update provides the stable maintenance release 2.8.2 which
    fixes the above security issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gimp-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gimp2.0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gimp2.0_0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"gimp-2.8.2-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"gimp-python-2.8.2-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64gimp2.0-devel-2.8.2-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64gimp2.0_0-2.8.2-1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-12383.NASL
    descriptionAmong other things this update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2 ================================================= Core : - Make tag matching always case-insensitive - Let the tile-cache-size default to half the physical memory GUI : - Mention that the image was exported in the close warning dialog - Make sure popup windows appear on top on OSX - Allow file opening by dropping to the OSX dock - Fix the visibility logic of the export/overwrite menu items - Remove all
    last seen2020-03-17
    modified2012-08-29
    plugin id61703
    published2012-08-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61703
    titleFedora 17 : gimp-2.8.2-1.fc17 (2012-12383)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-12383.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61703);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-3403", "CVE-2012-3481");
      script_bugtraq_id(55101);
      script_xref(name:"FEDORA", value:"2012-12383");
    
      script_name(english:"Fedora 17 : gimp-2.8.2-1.fc17 (2012-12383)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Among other things this update fixes security and stability issues in
    various image format loaders. Security issues fixed include
    CVE-2012-3403 and CVE-2012-3481.
    
    Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2
    =================================================
    
    Core :
    
      - Make tag matching always case-insensitive
    
        - Let the tile-cache-size default to half the physical
          memory
    
    GUI :
    
      - Mention that the image was exported in the close warning
        dialog
    
        - Make sure popup windows appear on top on OSX
    
        - Allow file opening by dropping to the OSX dock
    
        - Fix the visibility logic of the export/overwrite menu
          items
    
        - Remove all 'Use GEGL' menu items, they only add bugs
          and zero function
    
        - Improve performance of display filters, especially
          color management
    
        - Fix the image window title to comply with the
          save/export spec and use the same image name
          everywhere, not only in the title
    
      - Fix positioning of pasted/dropped stuff to be more
        reasonable
    
    Libgimp :
    
      - Move gimpdir and thumbnails to proper locations on OSX
    
        - Implement relocation on OSX
    
        - Allow to use $(gimp_installation_dir) in config files
    
    Plug-ins :
    
      - Fix remembering of JPEG load/save defaults
    
        - Revive the page setup dialog on Windows
    
    Source and build system :
    
      - Add Windows installer infrastructure
    
        - Add infrastructure to build GIMP.app on OSX
    
    General :
    
      - Lots of bug fixes
    
        - List of translation updates
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=839020"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=847303"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-August/085728.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5dab0380"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gimp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC17", reference:"gimp-2.8.2-1.fc17")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201311-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201311-05 (GIMP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted KiSS palette, GIF image or XWD file using GIMP, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70835
    published2013-11-11
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70835
    titleGLSA-201311-05 : GIMP: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201311-05.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70835);
      script_version("1.6");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2012-3403", "CVE-2012-3481", "CVE-2012-5576");
      script_bugtraq_id(55101, 56647);
      script_xref(name:"GLSA", value:"201311-05");
    
      script_name(english:"GLSA-201311-05 : GIMP: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201311-05
    (GIMP: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in GIMP. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted KiSS
          palette, GIF image or XWD file using GIMP, possibly resulting in
          execution of arbitrary code with the privileges of the process or a
          Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201311-05"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All GIMP users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=media-gfx/gimp-2.8.2-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gimp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"media-gfx/gimp", unaffected:make_list("ge 2.8.2-r1"), vulnerable:make_list("lt 2.8.2-r1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GIMP");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_GIMP-120816.NASL
    descriptionThis update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or even to potentially execute arbitrary code. (CVE-2012-3403)
    last seen2020-06-05
    modified2013-01-25
    plugin id64148
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64148
    titleSuSE 11.1 Security Update : gimp (SAT Patch Number 6683)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(64148);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-3403");
    
      script_name(english:"SuSE 11.1 Security Update : gimp (SAT Patch Number 6683)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of The Gimp fixes a heap overflow that could have been
    exploited by attackers to cause a Denial of Service (application
    crash) or even to potentially execute arbitrary code. (CVE-2012-3403)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=775433"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-3403.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 6683.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:gimp-plugins-python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-2.6.2-3.34.37.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-lang-2.6.2-3.34.37.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"gimp-plugins-python-2.6.2-3.34.37.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-2.6.2-3.34.37.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-lang-2.6.2-3.34.37.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"gimp-plugins-python-2.6.2-3.34.37.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-142.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in gimp : A heap-based buffer overflow flaw, leading to invalid free, was found in the way KISS CEL file format plug-in of Gimp, the GNU Image Manipulation Program, performed loading of certain palette files. A remote attacker could provide a specially crafted KISS palette file that, when opened in Gimp would cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the gimp executable (CVE-2012-3403). Integer overflow, leading to heap-based buffer overflow flaw was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61987
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61987
    titleMandriva Linux Security Advisory : gimp (MDVSA-2012:142)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2012:142. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61987);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:54");
    
      script_cve_id("CVE-2012-3403", "CVE-2012-3481");
      script_bugtraq_id(55101);
      script_xref(name:"MDVSA", value:"2012:142");
    
      script_name(english:"Mandriva Linux Security Advisory : gimp (MDVSA-2012:142)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered and corrected in gimp :
    
    A heap-based buffer overflow flaw, leading to invalid free, was found
    in the way KISS CEL file format plug-in of Gimp, the GNU Image
    Manipulation Program, performed loading of certain palette files. A
    remote attacker could provide a specially crafted KISS palette file
    that, when opened in Gimp would cause the CEL plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the gimp executable (CVE-2012-3403).
    
    Integer overflow, leading to heap-based buffer overflow flaw was found
    in the GIMP's GIF (Graphics Interchange Format) image file plug-in. An
    attacker could create a specially crafted GIF image file that, when
    opened, could cause the GIF plug-in to crash or, potentially, execute
    arbitrary code with the privileges of the user running the GIMP
    (CVE-2012-3481).
    
    The updated gimp packages have been upgraded to the 2.6.12 version and
    patched to correct these issues.
    
    Additionally for Mandriva Enterprise server 5 the gegl packages was
    upgraded to the 0.0.22 version and rebuilt for ffmpeg 0.5.9, the
    enscript packages was added because of a build dependency, the
    gutenprint and mtink packages was rebuilt against the gimp 2.6.12
    libraries."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gimp-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gimp2.0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gimp2.0_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgimp2.0-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libgimp2.0_0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2011", reference:"gimp-2.6.12-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", reference:"gimp-python-2.6.12-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64gimp2.0-devel-2.6.12-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64gimp2.0_0-2.6.12-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libgimp2.0-devel-2.6.12-0.1-mdv2011.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libgimp2.0_0-2.6.12-0.1-mdv2011.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-543.NASL
    descriptionMultiple integer overflows in various decoder plug-ins of GIMP have been fixed.
    last seen2020-06-05
    modified2014-06-13
    plugin id74735
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74735
    titleopenSUSE Security Update : gimp (openSUSE-SU-2012:1080-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2012-543.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74735);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-2763", "CVE-2012-3236", "CVE-2012-3403", "CVE-2012-3481");
    
      script_name(english:"openSUSE Security Update : gimp (openSUSE-SU-2012:1080-1)");
      script_summary(english:"Check for the openSUSE-2012-543 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple integer overflows in various decoder plug-ins of GIMP have
    been fixed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=724628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=763595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=769565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=775433"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2012-09/msg00001.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'GIMP script-fu Server Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-help-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-help-browser-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-plugins-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-plugins-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-branding-upstream-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-debuginfo-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-debugsource-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-devel-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-devel-debuginfo-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-help-browser-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-help-browser-debuginfo-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-lang-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-plugins-python-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"gimp-plugins-python-debuginfo-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libgimp-2_0-0-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libgimp-2_0-0-debuginfo-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libgimpui-2_0-0-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", reference:"libgimpui-2_0-0-debuginfo-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libgimp-2_0-0-32bit-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libgimp-2_0-0-debuginfo-32bit-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libgimpui-2_0-0-32bit-2.6.11-28.26.1") ) flag++;
    if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libgimpui-2_0-0-debuginfo-32bit-2.6.11-28.26.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1180.NASL
    descriptionFrom Red Hat Security Advisory 2012:1180 : Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id68600
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68600
    titleOracle Linux 6 : gimp (ELSA-2012-1180)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:1180 and 
    # Oracle Linux Security Advisory ELSA-2012-1180 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68600);
      script_version("1.6");
      script_cvs_date("Date: 2019/09/30 10:58:17");
    
      script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"RHSA", value:"2012:1180");
    
      script_name(english:"Oracle Linux 6 : gimp (ELSA-2012-1180)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:1180 :
    
    Updated gimp packages that fix three security issues are now available
    for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Red Hat would like to thank Matthias Weckbecker of the SUSE Security
    Team for reporting the CVE-2012-3481 issue.
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-August/002984.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-devel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-help-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"gimp-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"EL6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"EL6", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"EL6", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"EL6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-devel-tools / gimp-help-browser / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1180.NASL
    descriptionUpdated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61603
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61603
    titleRHEL 6 : gimp (RHSA-2012:1180)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1180. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61603);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/24 15:35:36");
    
      script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"RHSA", value:"2012:1180");
    
      script_name(english:"RHEL 6 : gimp (RHSA-2012:1180)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gimp packages that fix three security issues are now available
    for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Red Hat would like to thank Matthias Weckbecker of the SUSE Security
    Team for reporting the CVE-2012-3481 issue.
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:1180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-2896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3481"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-devel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-help-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:1180";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"gimp-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"gimp-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"gimp-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"gimp-debuginfo-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-debuginfo / gimp-devel / gimp-devel-tools / etc");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1181.NASL
    descriptionUpdated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61600
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61600
    titleCentOS 5 : gimp (CESA-2012:1181)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1181 and 
    # CentOS Errata and Security Advisory 2012:1181 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61600);
      script_version("1.8");
      script_cvs_date("Date: 2020/01/07");
    
      script_cve_id("CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"RHSA", value:"2012:1181");
    
      script_name(english:"CentOS 5 : gimp (CESA-2012:1181)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gimp packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in the GIMP's Adobe Photoshop (PSD) image file
    plug-in. An attacker could create a specially crafted PSD image file
    that, when opened, could cause the PSD plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2009-3909, CVE-2012-3402)
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Red Hat would like to thank Secunia Research for reporting
    CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for
    reporting CVE-2012-3481.
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2012-August/018809.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e97b3a2"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2009-3909");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"gimp-devel-2.2.13-2.0.7.el5_8.5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"gimp-libs-2.2.13-2.0.7.el5_8.5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-libs");
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_GIMP_20130219.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an
    last seen2020-06-01
    modified2020-06-02
    plugin id80622
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80622
    titleOracle Solaris Third-Party Patch Update : gimp (multiple_vulnerabilities_in_gimp)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(80622);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id("CVE-2012-3403", "CVE-2012-3481");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : gimp (multiple_vulnerabilities_in_gimp)");
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates :
    
      - Heap-based buffer overflow in the KiSS CEL file format
        plug-in in GIMP 2.8.x and earlier allows remote
        attackers to cause a denial of service and possibly
        execute arbitrary code via a crafted KiSS palette file,
        which triggers an 'invalid free.' (CVE-2012-3403)
    
      - Integer overflow in the ReadImage function in
        plug-ins/common/file-gif-load.c in the GIF image format
        plug-in in GIMP 2.8.x and earlier allows remote
        attackers to cause a denial of service (application
        crash) and possibly execute arbitrary code via crafted
        height and len properties in a GIF image file, which
        triggers a heap-based buffer overflow. NOTE: some of
        these details are obtained from third party information.
        (CVE-2012-3481)"
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-gimp
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5f5d0ac7"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.4.5.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:gimp");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    
    if (empty_or_null(egrep(string:pkg_list, pattern:"^gimp$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
    
    flag = 0;
    
    if (solaris_check_release(release:"0.5.11-0.175.1.4.0.5.0", sru:"SRU 4.5") > 0) flag++;
    
    if (flag)
    {
      error_extra = 'Affected package : gimp\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "gimp");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1559-1.NASL
    descriptionJoseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. (CVE-2012-3236) Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id62037
    published2012-09-11
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62037
    titleUbuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : gimp vulnerabilities (USN-1559-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1559-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62037);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-3236", "CVE-2012-3403", "CVE-2012-3481");
      script_bugtraq_id(54246, 55101);
      script_xref(name:"USN", value:"1559-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : gimp vulnerabilities (USN-1559-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Joseph Sheridan discovered that GIMP incorrectly handled certain
    malformed headers in FIT files. If a user were tricked into opening a
    specially crafted FIT image file, an attacker could cause GIMP to
    crash. (CVE-2012-3236)
    
    Murray McAllister discovered that GIMP incorrectly handled malformed
    KiSS palette files. If a user were tricked into opening a specially
    crafted KiSS palette file, an attacker could cause GIMP to crash, or
    possibly execute arbitrary code with the user's privileges.
    (CVE-2012-3403)
    
    Matthias Weckbecker discovered that GIMP incorrectly handled malformed
    GIF image files. If a user were tricked into opening a specially
    crafted GIF image file, an attacker could cause GIMP to crash, or
    possibly execute arbitrary code with the user's privileges.
    (CVE-2012-3481).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1559-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"gimp", pkgver:"2.6.8-2ubuntu1.5")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"gimp", pkgver:"2.6.11-1ubuntu6.3")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"gimp", pkgver:"2.6.11-2ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"gimp", pkgver:"2.6.12-1ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-12364.NASL
    descriptionThis update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-09-04
    plugin id61756
    published2012-09-04
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61756
    titleFedora 16 : gimp-2.6.12-2.fc16 (2012-12364)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120820_GIMP_ON_SL5_X.NASL
    descriptionThe GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-03-18
    modified2012-08-21
    plugin id61605
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61605
    titleScientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820)

Redhat

advisories
  • rhsa
    idRHSA-2012:1180
  • rhsa
    idRHSA-2012:1181
rpms
  • gimp-2:2.6.9-4.el6_3.3
  • gimp-debuginfo-2:2.6.9-4.el6_3.3
  • gimp-devel-2:2.6.9-4.el6_3.3
  • gimp-devel-tools-2:2.6.9-4.el6_3.3
  • gimp-help-browser-2:2.6.9-4.el6_3.3
  • gimp-libs-2:2.6.9-4.el6_3.3
  • gimp-2:2.2.13-2.0.7.el5_8.5
  • gimp-debuginfo-2:2.2.13-2.0.7.el5_8.5
  • gimp-devel-2:2.2.13-2.0.7.el5_8.5
  • gimp-libs-2:2.2.13-2.0.7.el5_8.5