Vulnerabilities > CVE-2012-3481 - Integer Overflow or Wraparound vulnerability in Gimp
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1180.NASL description Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61599 published 2012-08-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61599 title CentOS 6 : gimp (CESA-2012:1180) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1180 and # CentOS Errata and Security Advisory 2012:1180 respectively. # include("compat.inc"); if (description) { script_id(61599); script_version("1.9"); script_cvs_date("Date: 2020/01/07"); script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481"); script_xref(name:"RHSA", value:"2012:1180"); script_name(english:"CentOS 6 : gimp (CESA-2012:1180)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481) A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896) A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403) Red Hat would like to thank Matthias Weckbecker of the SUSE Security Team for reporting the CVE-2012-3481 issue. Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2012-August/018813.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7e02ea4c" ); script_set_attribute(attribute:"solution", value:"Update the affected gimp packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3403"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-devel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-help-browser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"gimp-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-devel-tools / gimp-help-browser / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2012-12293.NASL description Among other things this update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2 ================================================= Core : - Make tag matching always case-insensitive - Let the tile-cache-size default to half the physical memory GUI : - Mention that the image was exported in the close warning dialog - Make sure popup windows appear on top on OSX - Allow file opening by dropping to the OSX dock - Fix the visibility logic of the export/overwrite menu items - Remove all last seen 2020-03-17 modified 2012-09-18 plugin id 62135 published 2012-09-18 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62135 title Fedora 18 : gimp-2.8.2-1.fc18 (2012-12293) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-12293. # include("compat.inc"); if (description) { script_id(62135); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-3403", "CVE-2012-3481"); script_xref(name:"FEDORA", value:"2012-12293"); script_name(english:"Fedora 18 : gimp-2.8.2-1.fc18 (2012-12293)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Among other things this update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2 ================================================= Core : - Make tag matching always case-insensitive - Let the tile-cache-size default to half the physical memory GUI : - Mention that the image was exported in the close warning dialog - Make sure popup windows appear on top on OSX - Allow file opening by dropping to the OSX dock - Fix the visibility logic of the export/overwrite menu items - Remove all 'Use GEGL' menu items, they only add bugs and zero function - Improve performance of display filters, especially color management - Fix the image window title to comply with the save/export spec and use the same image name everywhere, not only in the title - Fix positioning of pasted/dropped stuff to be more reasonable Libgimp : - Move gimpdir and thumbnails to proper locations on OSX - Implement relocation on OSX - Allow to use $(gimp_installation_dir) in config files Plug-ins : - Fix remembering of JPEG load/save defaults - Revive the page setup dialog on Windows Source and build system : - Add Windows installer infrastructure - Add infrastructure to build GIMP.app on OSX General : - Lots of bug fixes - List of translation updates Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=839020" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=847303" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/086964.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2c849e84" ); script_set_attribute(attribute:"solution", value:"Update the affected gimp package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gimp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"gimp-2.8.2-1.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20120820_GIMP_ON_SL6_X.NASL description The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-03-18 modified 2012-08-21 plugin id 61606 published 2012-08-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61606 title Scientific Linux Security Update : gimp on SL6.x i386/x86_64 (20120820) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(61606); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481"); script_name(english:"Scientific Linux Security Update : gimp on SL6.x i386/x86_64 (20120820)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481) A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896) A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403) Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1208&L=scientific-linux-errata&T=0&P=1717 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a5b34bf3" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-devel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-help-browser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-libs"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"gimp-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"SL6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"SL6", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"SL6", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++; if (rpm_check(release:"SL6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-devel-tools / gimp-help-browser / etc"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1181.NASL description From Red Hat Security Advisory 2012:1181 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 68601 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68601 title Oracle Linux 5 : gimp (ELSA-2012-1181) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1181 and # Oracle Linux Security Advisory ELSA-2012-1181 respectively. # include("compat.inc"); if (description) { script_id(68601); script_version("1.5"); script_cvs_date("Date: 2019/09/30 10:58:17"); script_cve_id("CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481"); script_xref(name:"RHSA", value:"2012:1181"); script_name(english:"Oracle Linux 5 : gimp (ELSA-2012-1181)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2012:1181 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-3909, CVE-2012-3402) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481) A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896) A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403) Red Hat would like to thank Secunia Research for reporting CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for reporting CVE-2012-3481. Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-August/002985.html" ); script_set_attribute(attribute:"solution", value:"Update the affected gimp packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++; if (rpm_check(release:"EL5", reference:"gimp-devel-2.2.13-2.0.7.el5_8.5")) flag++; if (rpm_check(release:"EL5", reference:"gimp-libs-2.2.13-2.0.7.el5_8.5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-libs"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2813.NASL description Murray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code. last seen 2020-03-17 modified 2013-12-10 plugin id 71276 published 2013-12-10 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71276 title Debian DSA-2813-1 : gimp - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2813. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(71276); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1913", "CVE-2013-1978"); script_bugtraq_id(64098, 64105); script_xref(name:"DSA", value:"2813"); script_name(english:"Debian DSA-2813-1 : gimp - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Murray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-3403" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-3481" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2012-5576" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/gimp" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/gimp" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2013/dsa-2813" ); script_set_attribute( attribute:"solution", value: "Upgrade the gimp packages. For the oldstable distribution (squeeze), these problems have been fixed in version 2.6.10-1+squeeze4. This update also fixes CVE-2012-3403, CVE-2012-3481 and CVE-2012-5576. For the stable distribution (wheezy), these problems have been fixed in version 2.8.2-2+deb7u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gimp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"gimp", reference:"2.6.10-1+squeeze4")) flag++; if (deb_check(release:"6.0", prefix:"gimp-data", reference:"2.6.10-1+squeeze4")) flag++; if (deb_check(release:"6.0", prefix:"gimp-dbg", reference:"2.6.10-1+squeeze4")) flag++; if (deb_check(release:"6.0", prefix:"libgimp2.0", reference:"2.6.10-1+squeeze4")) flag++; if (deb_check(release:"6.0", prefix:"libgimp2.0-dev", reference:"2.6.10-1+squeeze4")) flag++; if (deb_check(release:"6.0", prefix:"libgimp2.0-doc", reference:"2.6.10-1+squeeze4")) flag++; if (deb_check(release:"7.0", prefix:"gimp", reference:"2.8.2-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"gimp-data", reference:"2.8.2-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"gimp-dbg", reference:"2.8.2-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libgimp2.0", reference:"2.8.2-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libgimp2.0-dev", reference:"2.8.2-2+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libgimp2.0-doc", reference:"2.8.2-2+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-583.NASL description Fixed 2 gimp security bugs : - fixed bnc#724628 CVE-2012-3481: gimp: GIF plugin last seen 2020-06-05 modified 2014-06-13 plugin id 74745 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74745 title openSUSE Security Update : gimp (openSUSE-SU-2012:1131-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-583. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74745); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2763", "CVE-2012-3481"); script_name(english:"openSUSE Security Update : gimp (openSUSE-SU-2012:1131-1)"); script_summary(english:"Check for the openSUSE-2012-583 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fixed 2 gimp security bugs : - fixed bnc#724628 CVE-2012-3481: gimp: GIF plugin 'height' / 'len' integer overflow leading to heap-based buffer overflow - fixed bnc#763595 CVE-2012-2763: gimp: buffer overflow in script-fu's server component" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=724628" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=763595" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html" ); script_set_attribute(attribute:"solution", value:"Update the affected gimp packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'GIMP script-fu Server Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-branding-upstream"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-help-browser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-help-browser-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-plugins-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-plugins-python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.2", reference:"gimp-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-branding-upstream-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-debuginfo-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-debugsource-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-devel-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-devel-debuginfo-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-help-browser-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-help-browser-debuginfo-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-lang-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-plugins-python-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"gimp-plugins-python-debuginfo-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libgimp-2_0-0-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libgimp-2_0-0-debuginfo-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libgimpui-2_0-0-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"libgimpui-2_0-0-debuginfo-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libgimp-2_0-0-32bit-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libgimp-2_0-0-debuginfo-32bit-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libgimpui-2_0-0-32bit-2.8.0-3.5.1") ) flag++; if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libgimpui-2_0-0-debuginfo-32bit-2.8.0-3.5.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1181.NASL description Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61604 published 2012-08-21 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61604 title RHEL 5 : gimp (RHSA-2012:1181) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:1181. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(61604); script_version ("1.14"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481"); script_xref(name:"RHSA", value:"2012:1181"); script_name(english:"RHEL 5 : gimp (RHSA-2012:1181)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2009-3909, CVE-2012-3402) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3481) A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2011-2896) A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. (CVE-2012-3403) Red Hat would like to thank Secunia Research for reporting CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for reporting CVE-2012-3481. Users of the GIMP are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The GIMP must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:1181" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-2896" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3403" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3481" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3402" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-3909" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:1181"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++; if (rpm_check(release:"RHEL5", reference:"gimp-debuginfo-2.2.13-2.0.7.el5_8.5")) flag++; if (rpm_check(release:"RHEL5", reference:"gimp-devel-2.2.13-2.0.7.el5_8.5")) flag++; if (rpm_check(release:"RHEL5", reference:"gimp-libs-2.2.13-2.0.7.el5_8.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-debuginfo / gimp-devel / gimp-libs"); } }
NASL family SuSE Local Security Checks NASL id SUSE_11_GIMP-120823.NASL description This update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or to potentially execute arbitrary code. (CVE-2012-3481) last seen 2020-06-05 modified 2013-01-25 plugin id 64149 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64149 title SuSE 11.1 Security Update : gimp (SAT Patch Number 6712) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-082.NASL description Updated gimp packages fix security vulnerabilities : An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 66096 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66096 title Mandriva Linux Security Advisory : gimp (MDVSA-2013:082) NASL family Fedora Local Security Checks NASL id FEDORA_2012-12383.NASL description Among other things this update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2 ================================================= Core : - Make tag matching always case-insensitive - Let the tile-cache-size default to half the physical memory GUI : - Mention that the image was exported in the close warning dialog - Make sure popup windows appear on top on OSX - Allow file opening by dropping to the OSX dock - Fix the visibility logic of the export/overwrite menu items - Remove all last seen 2020-03-17 modified 2012-08-29 plugin id 61703 published 2012-08-29 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61703 title Fedora 17 : gimp-2.8.2-1.fc17 (2012-12383) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201311-05.NASL description The remote host is affected by the vulnerability described in GLSA-201311-05 (GIMP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted KiSS palette, GIF image or XWD file using GIMP, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70835 published 2013-11-11 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70835 title GLSA-201311-05 : GIMP: Multiple vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-142.NASL description Multiple vulnerabilities has been discovered and corrected in gimp : A heap-based buffer overflow flaw, leading to invalid free, was found in the way KISS CEL file format plug-in of Gimp, the GNU Image Manipulation Program, performed loading of certain palette files. A remote attacker could provide a specially crafted KISS palette file that, when opened in Gimp would cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the gimp executable (CVE-2012-3403). Integer overflow, leading to heap-based buffer overflow flaw was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61987 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61987 title Mandriva Linux Security Advisory : gimp (MDVSA-2012:142) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-543.NASL description Multiple integer overflows in various decoder plug-ins of GIMP have been fixed. last seen 2020-06-05 modified 2014-06-13 plugin id 74735 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74735 title openSUSE Security Update : gimp (openSUSE-SU-2012:1080-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1180.NASL description From Red Hat Security Advisory 2012:1180 : Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 68600 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68600 title Oracle Linux 6 : gimp (ELSA-2012-1180) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1180.NASL description Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61603 published 2012-08-21 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61603 title RHEL 6 : gimp (RHSA-2012:1180) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1181.NASL description Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP last seen 2020-06-01 modified 2020-06-02 plugin id 61600 published 2012-08-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61600 title CentOS 5 : gimp (CESA-2012:1181) NASL family SuSE Local Security Checks NASL id SUSE_GIMP-8253.NASL description This update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or to potentially execute arbitrary code. (CVE-2012-3481) last seen 2020-06-05 modified 2012-08-27 plugin id 61680 published 2012-08-27 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61680 title SuSE 10 Security Update : gimp (ZYPP Patch Number 8253) NASL family Solaris Local Security Checks NASL id SOLARIS11_GIMP_20130219.NASL description The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an last seen 2020-06-01 modified 2020-06-02 plugin id 80622 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80622 title Oracle Solaris Third-Party Patch Update : gimp (multiple_vulnerabilities_in_gimp) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1559-1.NASL description Joseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. (CVE-2012-3236) Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 62037 published 2012-09-11 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62037 title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : gimp vulnerabilities (USN-1559-1) NASL family Fedora Local Security Checks NASL id FEDORA_2012-12364.NASL description This update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-09-04 plugin id 61756 published 2012-09-04 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61756 title Fedora 16 : gimp-2.6.12-2.fc16 (2012-12364) NASL family Scientific Linux Local Security Checks NASL id SL_20120820_GIMP_ON_SL5_X.NASL description The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP last seen 2020-03-18 modified 2012-08-21 plugin id 61605 published 2012-08-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61605 title Scientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://secunia.com/advisories/50296
- http://www.securityfocus.com/bid/55101
- http://www.securitytracker.com/id?1027411
- https://bugzilla.redhat.com/show_bug.cgi?id=847303
- http://rhn.redhat.com/errata/RHSA-2012-1180.html
- https://bugzilla.novell.com/show_bug.cgi?id=776572
- http://www.openwall.com/lists/oss-security/2012/08/20/8
- http://rhn.redhat.com/errata/RHSA-2012-1181.html
- http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html
- http://www.ubuntu.com/usn/USN-1559-1
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:142
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:082