Upstream information

CVE-2007-2949 at MITRE

Description

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 6.8
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial

SUSE Bugzilla entry: 284288 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE Linux Enterprise Software Development Kit 11 SP4
  • gimp >= 2.6.2-3.34.45.1
  • gimp-devel >= 2.6.2-3.34.45.1
  • gimp-lang >= 2.6.2-3.34.45.1
  • gimp-plugins-python >= 2.6.2-3.34.45.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA gimp
SUSE LINUX 10.0
  • gimp >= 2.2.8-6.9
  • gimp-devel >= 2.2.8-6.9
  • gimp-unstable >= 2.3.3-5.8
  • gimp-unstable-devel >= 2.3.3-5.8
SUSE LINUX 10.1
  • gimp >= 2.2.10-22.27
  • gimp-devel >= 2.2.10-22.27
  • gimp-unstable >= 2.3.7-17.8
  • gimp-unstable-devel >= 2.3.7-17.8
SuSE Linux Desktop 1.0
  • gimp >= 1.2.3-547
core9.s390
core9.x86
ZYPP Patch Nr: 3962
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
Novell Linux Desktop 9 for x86_64
  • gimp >= 2.0.2-1.10
  • gimp-devel >= 2.0.2-1.10
core9.s390
core9.x86
ZYPP Patch Nr: 3962
Novell Linux Desktop 9 for x86
  • gimp >= 2.0.2-1.10
core9.s390
core9.x86
ZYPP Patch Nr: 3962
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for IBM iSeries and IBM pSeries
SLES SDK 9 for IBM zSeries
SLES SDK 9 for IPF
SLES SDK 9 for X86-64
SLES SDK 9 for x86
  • gimp >= 2.0.0-16.14
  • gimp-devel >= 2.0.0-16.14
core9.s390
core9.x86
ZYPP Patch Nr: 3962