English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.58510
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDKSA-2007:170 (gimp)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to gimp
announced via advisory MDKSA-2007:170.

Multiple integer overflows in the image loader plug-ins in GIMP before
2.2.16 allow user-assisted remote attackers to execute arbitrary code
via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP,
(5) Sun RAS, (6) XBM, and (7) XWD files. (CVE-2006-4519)

Integer overflow in the seek_to_and_unpack_pixeldata function in
the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute
arbitrary code via a crafted PSD file that contains a large (1)
width or (2) height value. (CVE-2007-2949)

Victor Stinner has discovered several flaws in file plug-ins using
his fuzzyfier tool fusil. Several modified image files cause the
plug-ins to crash or consume excessive amounts of memory due to
insufficient input validation. Affected plug-ins: bmp, pcx, psd, psp
(*.tub). (CVE-2007-3741)

Updated packages have been patched to prevent these issues.

Affected: 2007.0, 2007.1, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:170

Risk factor : High

CVSS Score:
6.8

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2006-4519
BugTraq ID: 24835
http://www.securityfocus.com/bid/24835
Bugtraq: 20070801 FLEA-2007-0038-1 gimp (Google Search)
http://www.securityfocus.com/archive/1/475257/100/0/threaded
Debian Security Information: DSA-1335 (Google Search)
http://www.debian.org/security/2007/dsa-1335
http://security.gentoo.org/glsa/glsa-200707-09.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=551
http://www.mandriva.com/security/advisories?name=MDKSA-2007:170
http://osvdb.org/42139
http://osvdb.org/42140
http://osvdb.org/42141
http://osvdb.org/42142
http://osvdb.org/42143
http://osvdb.org/42144
http://osvdb.org/42145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10842
http://www.redhat.com/support/errata/RHSA-2007-0513.html
http://www.securitytracker.com/id?1018349
http://secunia.com/advisories/26132
http://secunia.com/advisories/26215
http://secunia.com/advisories/26240
http://secunia.com/advisories/26575
http://secunia.com/advisories/26939
http://www.ubuntu.com/usn/usn-494-1
http://www.vupen.com/english/advisories/2007/2471
XForce ISS Database: gimp-plugins-code-execution(35308)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35308
Common Vulnerability Exposure (CVE) ID: CVE-2007-2949
BugTraq ID: 24745
http://www.securityfocus.com/bid/24745
CERT/CC vulnerability note: VU#399896
http://www.kb.cert.org/vuls/id/399896
http://secunia.com/secunia_research/2007-63/advisory/
http://osvdb.org/37804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772
http://secunia.com/advisories/25677
http://secunia.com/advisories/25949
http://secunia.com/advisories/26044
http://secunia.com/advisories/26384
http://secunia.com/advisories/28114
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1
SuSE Security Announcement: SUSE-SR:2007:015 (Google Search)
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.ubuntu.com/usn/usn-480-1
http://www.vupen.com/english/advisories/2007/2421
http://www.vupen.com/english/advisories/2007/4241
XForce ISS Database: gimp-unpackpixeldata-code-execution(35246)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35246
Common Vulnerability Exposure (CVE) ID: CVE-2007-3741
25424
http://www.securityfocus.com/bid/25424
26575
26939
42128
http://osvdb.org/42128
42129
http://osvdb.org/42129
42130
http://osvdb.org/42130
42131
http://osvdb.org/42131
MDKSA-2007:170
RHSA-2007:0513
oval:org.mitre.oval:def:10099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10099
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.