Upstream information

CVE-2007-2356 at MITRE

Description

Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

SUSE Bugzilla entry: 270506 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP4
  • gimp >= 2.6.2-3.34.45.1
  • gimp-devel >= 2.6.2-3.34.45.1
  • gimp-lang >= 2.6.2-3.34.45.1
  • gimp-plugins-python >= 2.6.2-3.34.45.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA gimp
SUSE LINUX 10.0
  • gimp-unstable >= 2.3.3-5.5
SUSE LINUX 10.1
  • gimp-unstable >= 2.3.7-17.5
SuSE Linux Desktop 1.0
  • gimp >= 1.2.3-544
core9.s390
core9.x86
ZYPP Patch Nr: 3283
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • gimp >= 2.0.2-1.7
core9.s390
core9.x86
ZYPP Patch Nr: 3283
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for IBM iSeries and IBM pSeries
SLES SDK 9 for IBM zSeries
SLES SDK 9 for IPF
SLES SDK 9 for X86-64
SLES SDK 9 for x86
  • gimp >= 2.0.0-16.11
core9.s390
core9.x86
ZYPP Patch Nr: 3283
SUSE LINUX 10.0
  • gimp >= 2.2.8-6.6
SUSE LINUX 10.1
  • gimp >= 2.2.10-22.8.3