Bug 244400 (CVE-2007-2949) - CVE-2007-2949 Gimp PSD integer overflow
Summary: CVE-2007-2949 Gimp PSD integer overflow
Alias: CVE-2007-2949
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=moderate,source=vendorsec,publ...
Keywords: Security
Depends On: 244402 244403 244404 244405 244406 244407 244408 244409 244410 833902
TreeView+ depends on / blocked
Reported: 2007-06-15 13:52 UTC by Josh Bressers
Modified: 2016-03-04 12:30 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-15 14:11:19 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0513 normal SHIPPED_LIVE Moderate: gimp security update 2008-01-07 19:10:49 UTC

Description Josh Bressers 2007-06-15 13:52:59 UTC
Stefan Cornelius of Secunia Research discovered an integer overflow flaw in the
way Gimp's PSD decoder processes certain PSD files.  This flaw could allow a
malicious PSD file to execute arbitrary code as the user running Gimp.

Comment 3 Josh Bressers 2007-06-15 14:02:28 UTC
Created tracking bugs for this issue

CVE-2007-2949 Affects: F7 [bug #244402]
CVE-2007-2949 Affects: FC5 [bug #244403]
CVE-2007-2949 Affects: FC6 [bug #244404]
CVE-2007-2949 Affects: rhel-2.1 [bug #244405]
CVE-2007-2949 Affects: rhel-3 [bug #244406]
CVE-2007-2949 Affects: rhel-4.5.z [bug #244407]
CVE-2007-2949 Affects: rhel-4.6 [bug #244408]
CVE-2007-2949 Affects: rhel-5.0.z [bug #244409]
CVE-2007-2949 Affects: rhel-5.1 [bug #244410]

Comment 6 Josh Bressers 2007-07-06 20:07:20 UTC
Lifting embargo

Comment 7 Red Hat Product Security 2008-01-15 14:11:19 UTC
This issue was addressed in:

Red Hat Enterprise Linux:

  updated to fixed upstream version

Note You need to log in before you can comment on or make changes to this bug.