CVE-2009-3909

HIGH

Description

Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.

References

http://git.gnome.org/cgit/gimp/commit/?id=0e440cb6d4d6ee029667363d244aff61b154c33c

http://git.gnome.org/cgit/gimp/commit/?id=9cc8d78ff33b7a36852b74e64b427489cad44d0e

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html

http://osvdb.org/60178

http://rhn.redhat.com/errata/RHSA-2012-1181.html

http://secunia.com/advisories/37348

http://secunia.com/advisories/50737

http://secunia.com/secunia_research/2009-43/

http://security.gentoo.org/glsa/glsa-201209-23.xml

http://www.debian.org/security/2009/dsa-1941

http://www.mandriva.com/security/advisories?name=MDVSA-2009:332

http://www.securityfocus.com/archive/1/507928/100/0/threaded

http://www.securityfocus.com/bid/37040

http://www.vupen.com/english/advisories/2009/3270

http://www.vupen.com/english/advisories/2010/1021

https://bugzilla.gnome.org/show_bug.cgi?id=600741

Details

Source: MITRE

Published: 2009-11-19

Updated: 2018-10-10

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Tenable Plugins

View all (15 total)

ID	Name	Product	Family	Severity
68601	Oracle Linux 5 : gimp (ELSA-2012-1181)	Nessus	Oracle Linux Local Security Checks	high
62379	GLSA-201209-23 : GIMP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
61605	Scientific Linux Security Update : gimp on SL5.x i386/x86_64 (20120820)	Nessus	Scientific Linux Local Security Checks	high
61604	RHEL 5 : gimp (RHSA-2012:1181)	Nessus	Red Hat Local Security Checks	high
61600	CentOS 5 : gimp (CESA-2012:1181)	Nessus	CentOS Local Security Checks	high
51747	SuSE 10 Security Update : gimp (ZYPP Patch Number 6882)	Nessus	SuSE Local Security Checks	high
51746	SuSE 10 Security Update : gimp (ZYPP Patch Number 6880)	Nessus	SuSE Local Security Checks	high
50910	SuSE 11 Security Update : gimp (SAT Patch Number 2155)	Nessus	SuSE Local Security Checks	high
46175	Mandriva Linux Security Advisory : gimp (MDVSA-2009:332-1)	Nessus	Mandriva Local Security Checks	high
45537	openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)	Nessus	SuSE Local Security Checks	high
45535	openSUSE Security Update : gimp (openSUSE-SU-2010:0115-1)	Nessus	SuSE Local Security Checks	high
45532	openSUSE Security Update : gimp (openSUSE-SU-2010:0110-1)	Nessus	SuSE Local Security Checks	high
44806	Debian DSA-1941-1 : poppler - several vulnerabilities	Nessus	Debian Local Security Checks	high
43825	Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : gimp vulnerabilities (USN-880-1)	Nessus	Ubuntu Local Security Checks	high
43112	Slackware 12.1 / 12.2 / 13.0 / current : gimp (SSA:2009-345-01)	Nessus	Slackware Local Security Checks	high