Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69776
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:0837
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2011:0837.

The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer
eXchange (PCX) image file plug-ins. An attacker could create a
specially-crafted BMP or PCX image file that, when opened, could cause the
relevant plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro
(PSP) image file plug-in. An attacker could create a specially-crafted PSP
image file that, when opened, could cause the PSP plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer
image filter. An attacker could create a specially-crafted Sphere Designer
filter configuration file that, when opened, could cause the Sphere
Designer plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2010-4541)

Red Hat would like to thank Stefan Cornelius of Secunia Research for
responsibly reporting the CVE-2009-1570 flaw.

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0837.html

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1570
BugTraq ID: 37006
http://www.securityfocus.com/bid/37006
Bugtraq: 20091112 Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/507813/100/0/threaded
http://security.gentoo.org/glsa/glsa-201209-23.xml
http://secunia.com/secunia_research/2009-42/
https://bugzilla.gnome.org/show_bug.cgi?id=600484
http://www.osvdb.org/59930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290
http://www.redhat.com/support/errata/RHSA-2011-0837.html
http://www.redhat.com/support/errata/RHSA-2011-0838.html
http://secunia.com/advisories/37232
http://secunia.com/advisories/50737
SuSE Security Announcement: SUSE-SR:2010:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
http://www.vupen.com/english/advisories/2009/3228
http://www.vupen.com/english/advisories/2009/3564
http://www.vupen.com/english/advisories/2010/1021
XForce ISS Database: gimp-readimage-bo(54254)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54254
Common Vulnerability Exposure (CVE) ID: CVE-2010-4541
Debian Security Information: DSA-2426 (Google Search)
http://www.debian.org/security/2012/dsa-2426
http://www.mandriva.com/security/advisories?name=MDVSA-2011:103
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497
http://openwall.com/lists/oss-security/2011/01/03/2
http://openwall.com/lists/oss-security/2011/01/04/7
http://osvdb.org/70281
http://www.redhat.com/support/errata/RHSA-2011-0839.html
http://secunia.com/advisories/42771
http://secunia.com/advisories/44750
http://secunia.com/advisories/48236
SuSE Security Announcement: SUSE-SR:2011:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://www.vupen.com/english/advisories/2011/0016
XForce ISS Database: gimp-sphere-designer-bo(64581)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64581
Common Vulnerability Exposure (CVE) ID: CVE-2010-4543
http://osvdb.org/70284
Common Vulnerability Exposure (CVE) ID: CVE-2011-1178
BugTraq ID: 48057
http://www.securityfocus.com/bid/48057
http://www.mandriva.com/security/advisories?name=MDVSA-2011:110
http://securitytracker.com/id?1025586
XForce ISS Database: gimp-pcximage-bo(67787)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67787
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.