Vulnerabilities > CVE-2012-3481 - Integer Overflow or Wraparound vulnerability in Gimp

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Gimp
186

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1180.NASL
    descriptionUpdated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61599
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61599
    titleCentOS 6 : gimp (CESA-2012:1180)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1180 and 
    # CentOS Errata and Security Advisory 2012:1180 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61599);
      script_version("1.9");
      script_cvs_date("Date: 2020/01/07");
    
      script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"RHSA", value:"2012:1180");
    
      script_name(english:"CentOS 6 : gimp (CESA-2012:1180)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gimp packages that fix three security issues are now available
    for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Red Hat would like to thank Matthias Weckbecker of the SUSE Security
    Team for reporting the CVE-2012-3481 issue.
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2012-August/018813.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e02ea4c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3403");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-devel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-help-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"gimp-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-devel-tools / gimp-help-browser / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-12293.NASL
    descriptionAmong other things this update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2 ================================================= Core : - Make tag matching always case-insensitive - Let the tile-cache-size default to half the physical memory GUI : - Mention that the image was exported in the close warning dialog - Make sure popup windows appear on top on OSX - Allow file opening by dropping to the OSX dock - Fix the visibility logic of the export/overwrite menu items - Remove all
    last seen2020-03-17
    modified2012-09-18
    plugin id62135
    published2012-09-18
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62135
    titleFedora 18 : gimp-2.8.2-1.fc18 (2012-12293)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-12293.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62135);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"FEDORA", value:"2012-12293");
    
      script_name(english:"Fedora 18 : gimp-2.8.2-1.fc18 (2012-12293)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Among other things this update fixes security and stability issues in
    various image format loaders. Security issues fixed include
    CVE-2012-3403 and CVE-2012-3481.
    
    Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2
    =================================================
    
    Core :
    
      - Make tag matching always case-insensitive
    
        - Let the tile-cache-size default to half the physical
          memory
    
    GUI :
    
      - Mention that the image was exported in the close warning
        dialog
    
        - Make sure popup windows appear on top on OSX
    
        - Allow file opening by dropping to the OSX dock
    
        - Fix the visibility logic of the export/overwrite menu
          items
    
        - Remove all 'Use GEGL' menu items, they only add bugs
          and zero function
    
        - Improve performance of display filters, especially
          color management
    
        - Fix the image window title to comply with the
          save/export spec and use the same image name
          everywhere, not only in the title
    
      - Fix positioning of pasted/dropped stuff to be more
        reasonable
    
    Libgimp :
    
      - Move gimpdir and thumbnails to proper locations on OSX
    
        - Implement relocation on OSX
    
        - Allow to use $(gimp_installation_dir) in config files
    
    Plug-ins :
    
      - Fix remembering of JPEG load/save defaults
    
        - Revive the page setup dialog on Windows
    
    Source and build system :
    
      - Add Windows installer infrastructure
    
        - Add infrastructure to build GIMP.app on OSX
    
    General :
    
      - Lots of bug fixes
    
        - List of translation updates
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=839020"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=847303"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/086964.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2c849e84"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gimp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC18", reference:"gimp-2.8.2-1.fc18")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120820_GIMP_ON_SL6_X.NASL
    descriptionThe GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-03-18
    modified2012-08-21
    plugin id61606
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61606
    titleScientific Linux Security Update : gimp on SL6.x i386/x86_64 (20120820)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61606);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");
    
      script_cve_id("CVE-2011-2896", "CVE-2012-3403", "CVE-2012-3481");
    
      script_name(english:"Scientific Linux Security Update : gimp on SL6.x i386/x86_64 (20120820)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1208&L=scientific-linux-errata&T=0&P=1717
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a5b34bf3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-devel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-help-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"gimp-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"gimp-devel-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"gimp-devel-tools-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"gimp-help-browser-2.6.9-4.el6_3.3")) flag++;
    if (rpm_check(release:"SL6", reference:"gimp-libs-2.6.9-4.el6_3.3")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-devel-tools / gimp-help-browser / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1181.NASL
    descriptionFrom Red Hat Security Advisory 2012:1181 : Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id68601
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68601
    titleOracle Linux 5 : gimp (ELSA-2012-1181)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:1181 and 
    # Oracle Linux Security Advisory ELSA-2012-1181 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68601);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/30 10:58:17");
    
      script_cve_id("CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"RHSA", value:"2012:1181");
    
      script_name(english:"Oracle Linux 5 : gimp (ELSA-2012-1181)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:1181 :
    
    Updated gimp packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in the GIMP's Adobe Photoshop (PSD) image file
    plug-in. An attacker could create a specially crafted PSD image file
    that, when opened, could cause the PSD plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2009-3909, CVE-2012-3402)
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Red Hat would like to thank Secunia Research for reporting
    CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for
    reporting CVE-2012-3481.
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-August/002985.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++;
    if (rpm_check(release:"EL5", reference:"gimp-devel-2.2.13-2.0.7.el5_8.5")) flag++;
    if (rpm_check(release:"EL5", reference:"gimp-libs-2.2.13-2.0.7.el5_8.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-devel / gimp-libs");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2813.NASL
    descriptionMurray McAllister discovered multiple integer and buffer overflows in the XWD plugin in Gimp, which can result in the execution of arbitrary code.
    last seen2020-03-17
    modified2013-12-10
    plugin id71276
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71276
    titleDebian DSA-2813-1 : gimp - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2813. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71276);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-1913", "CVE-2013-1978");
      script_bugtraq_id(64098, 64105);
      script_xref(name:"DSA", value:"2813");
    
      script_name(english:"Debian DSA-2813-1 : gimp - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Murray McAllister discovered multiple integer and buffer overflows in
    the XWD plugin in Gimp, which can result in the execution of arbitrary
    code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-3403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-3481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-5576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/gimp"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/gimp"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2813"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the gimp packages.
    
    For the oldstable distribution (squeeze), these problems have been
    fixed in version 2.6.10-1+squeeze4. This update also fixes
    CVE-2012-3403, CVE-2012-3481 and CVE-2012-5576.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 2.8.2-2+deb7u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"gimp", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"gimp-data", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"gimp-dbg", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libgimp2.0", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libgimp2.0-dev", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libgimp2.0-doc", reference:"2.6.10-1+squeeze4")) flag++;
    if (deb_check(release:"7.0", prefix:"gimp", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"gimp-data", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"gimp-dbg", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libgimp2.0", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libgimp2.0-dev", reference:"2.8.2-2+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libgimp2.0-doc", reference:"2.8.2-2+deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-583.NASL
    descriptionFixed 2 gimp security bugs : - fixed bnc#724628 CVE-2012-3481: gimp: GIF plugin
    last seen2020-06-05
    modified2014-06-13
    plugin id74745
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74745
    titleopenSUSE Security Update : gimp (openSUSE-SU-2012:1131-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2012-583.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74745);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-2763", "CVE-2012-3481");
    
      script_name(english:"openSUSE Security Update : gimp (openSUSE-SU-2012:1131-1)");
      script_summary(english:"Check for the openSUSE-2012-583 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixed 2 gimp security bugs :
    
      - fixed bnc#724628 CVE-2012-3481: gimp: GIF plugin
        'height' / 'len' integer overflow leading to heap-based
        buffer overflow
    
      - fixed bnc#763595 CVE-2012-2763: gimp: buffer overflow in
        script-fu's server component"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=724628"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=763595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'GIMP script-fu Server Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-branding-upstream");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-help-browser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-help-browser-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-plugins-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gimp-plugins-python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimp-2_0-0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgimpui-2_0-0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-branding-upstream-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-debuginfo-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-debugsource-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-devel-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-devel-debuginfo-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-help-browser-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-help-browser-debuginfo-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-lang-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-plugins-python-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"gimp-plugins-python-debuginfo-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libgimp-2_0-0-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libgimp-2_0-0-debuginfo-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libgimpui-2_0-0-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libgimpui-2_0-0-debuginfo-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libgimp-2_0-0-32bit-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libgimp-2_0-0-debuginfo-32bit-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libgimpui-2_0-0-32bit-2.8.0-3.5.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libgimpui-2_0-0-debuginfo-32bit-2.8.0-3.5.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1181.NASL
    descriptionUpdated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61604
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61604
    titleRHEL 5 : gimp (RHSA-2012:1181)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:1181. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61604);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/24 15:35:36");
    
      script_cve_id("CVE-2009-3909", "CVE-2011-2896", "CVE-2012-3402", "CVE-2012-3403", "CVE-2012-3481");
      script_xref(name:"RHSA", value:"2012:1181");
    
      script_name(english:"RHEL 5 : gimp (RHSA-2012:1181)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gimp packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The GIMP (GNU Image Manipulation Program) is an image composition and
    editing program.
    
    Multiple integer overflow flaws, leading to heap-based buffer
    overflows, were found in the GIMP's Adobe Photoshop (PSD) image file
    plug-in. An attacker could create a specially crafted PSD image file
    that, when opened, could cause the PSD plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2009-3909, CVE-2012-3402)
    
    An integer overflow flaw, leading to a heap-based buffer overflow, was
    found in the GIMP's GIF image format plug-in. An attacker could create
    a specially crafted GIF image file that, when opened, could cause the
    GIF plug-in to crash or, potentially, execute arbitrary code with the
    privileges of the user running the GIMP. (CVE-2012-3481)
    
    A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch
    (LZW) decompression algorithm implementation used by the GIMP's GIF
    image format plug-in. An attacker could create a specially crafted GIF
    image file that, when opened, could cause the GIF plug-in to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the GIMP. (CVE-2011-2896)
    
    A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL
    file format plug-in. An attacker could create a specially crafted KiSS
    palette file that, when opened, could cause the CEL plug-in to crash
    or, potentially, execute arbitrary code with the privileges of the
    user running the GIMP. (CVE-2012-3403)
    
    Red Hat would like to thank Secunia Research for reporting
    CVE-2009-3909, and Matthias Weckbecker of the SUSE Security Team for
    reporting CVE-2012-3481.
    
    Users of the GIMP are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The GIMP
    must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:1181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-2896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3909"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:1181";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"gimp-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"gimp-debuginfo-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"gimp-devel-2.2.13-2.0.7.el5_8.5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"gimp-libs-2.2.13-2.0.7.el5_8.5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / gimp-debuginfo / gimp-devel / gimp-libs");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_GIMP-120823.NASL
    descriptionThis update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or to potentially execute arbitrary code. (CVE-2012-3481)
    last seen2020-06-05
    modified2013-01-25
    plugin id64149
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64149
    titleSuSE 11.1 Security Update : gimp (SAT Patch Number 6712)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-082.NASL
    descriptionUpdated gimp packages fix security vulnerabilities : An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id66096
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66096
    titleMandriva Linux Security Advisory : gimp (MDVSA-2013:082)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-12383.NASL
    descriptionAmong other things this update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Overview of Changes from GIMP 2.8.0 to GIMP 2.8.2 ================================================= Core : - Make tag matching always case-insensitive - Let the tile-cache-size default to half the physical memory GUI : - Mention that the image was exported in the close warning dialog - Make sure popup windows appear on top on OSX - Allow file opening by dropping to the OSX dock - Fix the visibility logic of the export/overwrite menu items - Remove all
    last seen2020-03-17
    modified2012-08-29
    plugin id61703
    published2012-08-29
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61703
    titleFedora 17 : gimp-2.8.2-1.fc17 (2012-12383)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201311-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201311-05 (GIMP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GIMP. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted KiSS palette, GIF image or XWD file using GIMP, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70835
    published2013-11-11
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70835
    titleGLSA-201311-05 : GIMP: Multiple vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-142.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in gimp : A heap-based buffer overflow flaw, leading to invalid free, was found in the way KISS CEL file format plug-in of Gimp, the GNU Image Manipulation Program, performed loading of certain palette files. A remote attacker could provide a specially crafted KISS palette file that, when opened in Gimp would cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the gimp executable (CVE-2012-3403). Integer overflow, leading to heap-based buffer overflow flaw was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61987
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61987
    titleMandriva Linux Security Advisory : gimp (MDVSA-2012:142)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-543.NASL
    descriptionMultiple integer overflows in various decoder plug-ins of GIMP have been fixed.
    last seen2020-06-05
    modified2014-06-13
    plugin id74735
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74735
    titleopenSUSE Security Update : gimp (openSUSE-SU-2012:1080-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1180.NASL
    descriptionFrom Red Hat Security Advisory 2012:1180 : Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id68600
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68600
    titleOracle Linux 6 : gimp (ELSA-2012-1180)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1180.NASL
    descriptionUpdated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61603
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61603
    titleRHEL 6 : gimp (RHSA-2012:1180)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1181.NASL
    descriptionUpdated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-06-01
    modified2020-06-02
    plugin id61600
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61600
    titleCentOS 5 : gimp (CESA-2012:1181)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GIMP-8253.NASL
    descriptionThis update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or to potentially execute arbitrary code. (CVE-2012-3481)
    last seen2020-06-05
    modified2012-08-27
    plugin id61680
    published2012-08-27
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61680
    titleSuSE 10 Security Update : gimp (ZYPP Patch Number 8253)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_GIMP_20130219.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an
    last seen2020-06-01
    modified2020-06-02
    plugin id80622
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80622
    titleOracle Solaris Third-Party Patch Update : gimp (multiple_vulnerabilities_in_gimp)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1559-1.NASL
    descriptionJoseph Sheridan discovered that GIMP incorrectly handled certain malformed headers in FIT files. If a user were tricked into opening a specially crafted FIT image file, an attacker could cause GIMP to crash. (CVE-2012-3236) Murray McAllister discovered that GIMP incorrectly handled malformed KiSS palette files. If a user were tricked into opening a specially crafted KiSS palette file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id62037
    published2012-09-11
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62037
    titleUbuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : gimp vulnerabilities (USN-1559-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-12364.NASL
    descriptionThis update fixes security and stability issues in various image format loaders. Security issues fixed include CVE-2012-3403 and CVE-2012-3481. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-09-04
    plugin id61756
    published2012-09-04
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61756
    titleFedora 16 : gimp-2.6.12-2.fc16 (2012-12364)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120820_GIMP_ON_SL5_X.NASL
    descriptionThe GIMP (GNU Image Manipulation Program) is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP
    last seen2020-03-18
    modified2012-08-21
    plugin id61605
    published2012-08-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61605
    titleScientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820)

Redhat

advisories
  • bugzilla
    id847303
    titleCVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer overflow by loading certain GIF images
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentgimp-libs is earlier than 2:2.6.9-4.el6_3.3
            ovaloval:com.redhat.rhsa:tst:20121180001
          • commentgimp-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110839006
        • AND
          • commentgimp is earlier than 2:2.6.9-4.el6_3.3
            ovaloval:com.redhat.rhsa:tst:20121180003
          • commentgimp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110839004
        • AND
          • commentgimp-help-browser is earlier than 2:2.6.9-4.el6_3.3
            ovaloval:com.redhat.rhsa:tst:20121180005
          • commentgimp-help-browser is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110839002
        • AND
          • commentgimp-devel is earlier than 2:2.6.9-4.el6_3.3
            ovaloval:com.redhat.rhsa:tst:20121180007
          • commentgimp-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110839008
        • AND
          • commentgimp-devel-tools is earlier than 2:2.6.9-4.el6_3.3
            ovaloval:com.redhat.rhsa:tst:20121180009
          • commentgimp-devel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110839010
    rhsa
    idRHSA-2012:1180
    released2012-08-20
    severityModerate
    titleRHSA-2012:1180: gimp security update (Moderate)
  • bugzilla
    id847303
    titleCVE-2012-3481 Gimp (GIF plug-in): Heap-based buffer overflow by loading certain GIF images
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentgimp-devel is earlier than 2:2.2.13-2.0.7.el5_8.5
            ovaloval:com.redhat.rhsa:tst:20121181001
          • commentgimp-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070343007
        • AND
          • commentgimp-libs is earlier than 2:2.2.13-2.0.7.el5_8.5
            ovaloval:com.redhat.rhsa:tst:20121181003
          • commentgimp-libs is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070343009
        • AND
          • commentgimp is earlier than 2:2.2.13-2.0.7.el5_8.5
            ovaloval:com.redhat.rhsa:tst:20121181005
          • commentgimp is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070343011
    rhsa
    idRHSA-2012:1181
    released2012-08-20
    severityModerate
    titleRHSA-2012:1181: gimp security update (Moderate)
rpms
  • gimp-2:2.6.9-4.el6_3.3
  • gimp-debuginfo-2:2.6.9-4.el6_3.3
  • gimp-devel-2:2.6.9-4.el6_3.3
  • gimp-devel-tools-2:2.6.9-4.el6_3.3
  • gimp-help-browser-2:2.6.9-4.el6_3.3
  • gimp-libs-2:2.6.9-4.el6_3.3
  • gimp-2:2.2.13-2.0.7.el5_8.5
  • gimp-debuginfo-2:2.2.13-2.0.7.el5_8.5
  • gimp-devel-2:2.2.13-2.0.7.el5_8.5
  • gimp-libs-2:2.2.13-2.0.7.el5_8.5