Page 7 of 42 results (0.011 seconds)

CVSS: 7.5EPSS: 12%CPEs: 1EXPL: 5

CVE-2010-4543 – GIMP 2.6.7 - Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities

https://notcve.org/view.php?id=CVE-2010-4543

Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. Hay un desbordamiento de búfer en la región heap de la memoria en la función read_channel_data en el archivo psp.c en el plugin Paint Shop Pro (PSP) en GIMP versión 2.6.11 permite a los atacantes remotos generar una denegación de servicio (posible bloqueo de la aplicación) o posiblemente ejecutar código arbitrario por medio de un PSP_COMP_RLE Archivo de imagen (también se conoce como RLE compression) que comienza un conteo de ejecución larga al final de la imagen. NOTA: algunos de estos detalles se obtienen a partir de información de terceros. • https://www.exploit-db.com/exploits/35162 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608497 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://openwall.com/lists/oss-security/2011/01/03/2 http://openwall.com/lists/oss-security/2011/01/04/7 http://osvdb.org/70284 http://secunia.com/advisories/42771 http://secunia.com/advisories/44750 http://secunia.com/advisories/48236 http://secunia.com/advisories/50737 http://security.gentoo • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 0

CVE-2009-3909 – Gimp: Integer overflow in the PSD image file plugin

https://notcve.org/view.php?id=CVE-2009-3909

Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. Desbordamiento de entero en la función read_channel_data en plug-ins/file-psd/psd-load.c en GIMP v2.6.7, podría permitir a atacantes remotos ejecutar código de su elección a través de un archivo PSD manipulado que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • http://git.gnome.org/cgit/gimp/commit/?id=0e440cb6d4d6ee029667363d244aff61b154c33c http://git.gnome.org/cgit/gimp/commit/?id=9cc8d78ff33b7a36852b74e64b427489cad44d0e http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://osvdb.org/60178 http://rhn.redhat.com/errata/RHSA-2012-1181.html http://secunia.com/advisories/37348 http://secunia.com/advisories/50737 http://secunia.com/secunia_research/2009-43 http://security.gentoo.org/glsa/glsa-201209-23.xml http://www. • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 0

CVE-2009-1570 – Gimp: Integer overflow in the BMP image file plugin

https://notcve.org/view.php?id=CVE-2009-1570

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow. Desbordamiento de entero en la función ReadImage en plug-ins/file-bmp/bmp-read.c en GIMP 2.6.7 puede permitir a atacantes remotos ejecutar código de su elección mediante un fichero BMP con valores de ancho y alto manipulados que dispararía un desbordamiento de búfer basado en memoria dinámica. • http://git.gnome.org/cgit/gimp/commit/?h=gimp-2-6&id=df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbe http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://secunia.com/advisories/37232 http://secunia.com/advisories/50737 http://secunia.com/secunia_research/2009-42 http://security.gentoo.org/glsa/glsa-201209-23.xml http://www.osvdb.org/59930 http://www.redhat.com/support/errata/RHSA-2011-0837.html http://www.redhat.com/support/errata/RHSA-2011-0838.html http • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2

CVE-2009-0723 – LittleCms integer overflow

https://notcve.org/view.php?id=CVE-2009-0723

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de enteros en LittleCMS (también conocido como lcms o liblcms) anteriores a v1.18beta2, como el utilizado en Firefox v3.1beta, OpenJDK, y GIMP, permiten a atacantes dependientes de contexto ejecutar código arbitrario a través de un fichero de imagen manipulado, que provoca un desbordamiento de buffer basada en montículo. NOTA: algunos de estos detalles son obtenidos de información de terceras personas. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://scary.beasts.org/security/CESA-2009-003.html http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html http://secunia.com/advisories/34367 http://secunia.com/advisories/34382 http://secunia.com/advisories/34400 http://secunia.com/advisories/34408 http://secunia.com/advisories/34418 http://secunia.com/advisories/34442 http://secunia.com/advisories/34450 http://secunia.com/advisories/34454&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2

CVE-2009-0733 – LittleCms lack of upper-bounds check on sizes

https://notcve.org/view.php?id=CVE-2009-0733

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. Múltiples desbordamientos de búfer basados en pila en la función ReadSetOfCurves en LittleCMS (alias LCMS o liblcms) antes de la versión 1.18beta2, tal y como se usa en Firefox 3.1beta, OpenJDK, y GIMP, permiten ejecutar código arbitrario, a atacantes dependientes de contexto, a través de un archivo de imagen modificado con valores de enteros demasiado grandes en el (1) canal de entrada o (2) canal de salida, en relación con las funciones ReadLUT_A2B y ReadLUT_B2A. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://scary.beasts.org/security/CESA-2009-003.html http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html http://secunia.com/advisories/34367 http://secunia.com/advisories/34382 http://secunia.com/advisories/34400 http://secunia.com/advisories/34408 http://secunia.com/advisories/34418 http://secunia.com/advisories/34442 http://secunia.com/advisories/34450 http://secunia.com/advisories/34454&# • CWE-787: Out-of-bounds Write •