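Vulnerability Details
Gimp Input Validation Error Vulnerability
- CNNVD ID: CNNVD-200707-057
- Severity: High
- CVE ID: CVE-2007-2949
- Vulnerability type: Input validation error
- Published: 2007-07-04
- Threat type: Remote
- Updated: 2022-02-10
- Vendor: ubuntu
- Vulnerability source: Stefan Cornel
Vulnerability Summary
GIMP is an open-source bitmap image editor developed by the GIMP team.
The seek_to_and_unpack_pixeldata() function in GIMP's plug-ins/common/PSD.c file contains an input validation error vulnerability. If a user is tricked into opening a specially crafted PSD file with excessively large height and width values, a heap overflow is triggered, leading to execution of arbitrary instructions.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: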
http://security.gentoo.org/glsa/glsa-200707-09.xml
http://www.gimp.org/
References
Source: SECUNIA
Link: http://secunia.com/advisories/26215
Source: MANDRIVA
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:170
Source: CONFIRM
Link: https://issues.rpath.com/browse/RPL-1487
Source: CONFIRM
Link: http://issues.foresightlinux.org/browse/FL-457
Source: SECUNIA
Link: http://secunia.com/advisories/26939
Source: OSVDB
Link: http://osvdb.org/37804
Source: SUSE
Link: http://www.novell.com/linux/security/advisories/2007_15_sr.HTML
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/4241
Source: SECUNIA
Link: http://secunia.com/advisories/25949
Source: SUNALERT
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/2421
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2007-0513.HTML
Source: XF
Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/35246
Source: SECUNIA
Link: http://secunia.com/advisories/26384
Source: SECUNIA
Link: http://secunia.com/advisories/26044
Source: SECUNIA
Link: http://secunia.com/advisories/25677
Source: CONFIRM
Link: http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798
Source: MISC
Link: http://secunia.com/secunia_research/2007-63/advisory/
Source: CERT-VN
Link: http://www.kb.cert.org/vuls/id/399896
Source: DEBIAN
Link: https://www.debian.org/security/2007/dsa-1335
Source: GENTOO
Link: http://security.gentoo.org/glsa/glsa-200707-09.xml
Source: SECUNIA
Link: http://secunia.com/advisories/26575
Source: SLACKWARE
Link: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191
Source: SUNALERT
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1
Source: UBUNTU
Link: http://www.ubuntu.com/usn/usn-480-1
Source: SECUNIA
Link: http://secunia.com/advisories/28114
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276
Source: BID
Link: https://www.securityfocus.com/bid/24745
Source: SECUNIA
Link: http://secunia.com/advisories/26132
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772
Affected Entities
- Ubuntu Ubuntu_linux:6.10:Sparc
- Ubuntu Ubuntu_linux:6.10:I386
- Ubuntu Ubuntu_linux:6.10:Powerpc
- Ubuntu Ubuntu_linux:6.10:Amd64
- Ubuntu Ubuntu_linux:6.06_lts:Sparc
Patches
- Remediation for the Gimp input validation error vulnerability