what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2009-3909

Status Candidate

Overview

Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.

Related Files

Gentoo Linux Security Advisory 201209-23
Posted Sep 28, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-23 - Multiple vulnerabilities have been found in GIMP, the worst of which allow execution of arbitrary code or Denial of Service. Versions less than 2.6.12-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-1570, CVE-2009-3909, CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1178, CVE-2011-2896, CVE-2012-2763, CVE-2012-3402
MD5 | a8b821baaae77956824d436955c1f75e
Red Hat Security Advisory 2012-1181-01
Posted Aug 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1181-01 - The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2009-3909, CVE-2011-2896, CVE-2012-3402, CVE-2012-3403, CVE-2012-3481
MD5 | 8119619c1e305025723c2b28001aaa71
Mandriva Linux Security Advisory 2009-332
Posted Apr 28, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-332 - Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. Additionally the patch for in MDVSA-2009:296 was incomplete, this update corrects this as well. This update provides a solution to this vulnerability. Packages for 2009.0 are provided due to the Extended Maintenance Program.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-3909
MD5 | 09307dfe73093ca74e518148265a9873
Ubuntu Security Notice 880-1
Posted Jan 7, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 880-1 - Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user's privileges. Stefan Cornelius discovered that GIMP did not correctly handle certain malformed PSD files. If a user were tricked into opening a specially crafted PSD file, an attacker could execute arbitrary code with the user's privileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-1570, CVE-2009-3909
MD5 | 0b21720c2759ed2461fb39acdc9e6c0d
Mandriva Linux Security Advisory 2009-332
Posted Dec 13, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-332 - Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. Additionally the patch for in MDVSA-2009:296 was incomplete, this update corrects this as well. This update provides a solution to this vulnerability.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-3909
MD5 | bd976937b65c94c305590fce7306b8cf
Debian Linux Security Advisory 1941-1
Posted Nov 25, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1941-1 - Several integer overflows, buffer overflows and memory allocation errors were discovered in the Poppler PDF rendering library, which may lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed PDF document.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-0755, CVE-2009-3903, CVE-2009-3904, CVE-2009-3905, CVE-2009-3906, CVE-2009-3907, CVE-2009-3908, CVE-2009-3909, CVE-2009-3938
MD5 | 75713038359ff5373a18cc3fcca28ae8
Gimp PSD Image Parsing Integer Overflow
Posted Nov 18, 2009
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered a vulnerability in Gimp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error within the "read_channel_data()" function in plug-ins/file-psd/psd-load.c. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PSD file. Version 2.6.7 is affected.

tags | advisory, overflow
advisories | CVE-2009-3909
MD5 | 386e572c3ff9889366d1e2085c1d0e06
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close