Bug 244400 (CVE-2007-2949) - CVE-2007-2949 Gimp PSD integer overflow
Summary: CVE-2007-2949 Gimp PSD integer overflow
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-2949
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 244402 244403 244404 244405 244406 244407 244408 244409 244410 833902
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-15 13:52 UTC by Josh Bressers
Modified: 2019-09-29 12:20 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-15 14:11:19 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0513 0 normal SHIPPED_LIVE Moderate: gimp security update 2008-01-07 19:10:49 UTC

Description Josh Bressers 2007-06-15 13:52:59 UTC 
Stefan Cornelius of Secunia Research discovered an integer overflow flaw in the
way Gimp's PSD decoder processes certain PSD files.  This flaw could allow a
malicious PSD file to execute arbitrary code as the user running Gimp.
Comment 3 Josh Bressers 2007-06-15 14:02:28 UTC 
Created tracking bugs for this issue

CVE-2007-2949 Affects: F7 [bug #244402]
CVE-2007-2949 Affects: FC5 [bug #244403]
CVE-2007-2949 Affects: FC6 [bug #244404]
CVE-2007-2949 Affects: rhel-2.1 [bug #244405]
CVE-2007-2949 Affects: rhel-3 [bug #244406]
CVE-2007-2949 Affects: rhel-4.5.z [bug #244407]
CVE-2007-2949 Affects: rhel-4.6 [bug #244408]
CVE-2007-2949 Affects: rhel-5.0.z [bug #244409]
CVE-2007-2949 Affects: rhel-5.1 [bug #244410]
Comment 6 Josh Bressers 2007-07-06 20:07:20 UTC 
Lifting embargo
Comment 7 Red Hat Product Security 2008-01-15 14:11:19 UTC 
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0513.html

Fedora:
  updated to fixed upstream version
Note You need to log in before you can comment on or make changes to this bug.