Vulnerability Details : CVE-2009-3909
Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.
Vulnerability category: OverflowExecute code
Products affected by CVE-2009-3909
- cpe:2.3:a:gimp:gimp:2.6.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3909
3.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3909
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2009-3909
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3909
-
http://www.securityfocus.com/archive/1/507928/100/0/threaded
Broken Link;Third Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2012-1181.html
RHSA-2012:1181 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://secunia.com/secunia_research/2009-43/
About Secunia Research | FlexeraBroken Link
-
http://secunia.com/advisories/50737
Sign inBroken Link
-
http://secunia.com/advisories/37348
About Secunia Research | FlexeraBroken Link
-
http://www.debian.org/security/2009/dsa-1941
[SECURITY] [DSA 1941-1] New poppler packages fix several vulnerabilitiesThird Party Advisory
-
http://security.gentoo.org/glsa/glsa-201209-23.xml
GIMP: Multiple vulnerabilities (GLSA 201209-23) — Gentoo securityThird Party Advisory
-
https://bugzilla.gnome.org/show_bug.cgi?id=600741
Bug 600741 – "read_channel_data()" Integer Overflow VulnerabilityIssue Tracking;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:009Third Party Advisory
-
http://git.gnome.org/cgit/gimp/commit/?id=9cc8d78ff33b7a36852b74e64b427489cad44d0e
Harden the PSD plugin against integer overflows. (9cc8d78f) · Commits · GNOME / GIMP · GitLabPatch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2009/3270
Site en constructionBroken Link;Vendor Advisory
-
http://osvdb.org/60178
Broken Link
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:332
MandrivaBroken Link
-
http://www.vupen.com/english/advisories/2010/1021
Site en constructionBroken Link
-
http://git.gnome.org/cgit/gimp/commit/?id=0e440cb6d4d6ee029667363d244aff61b154c33c
Fix the PSD structs to use signed ints for bounding box coordinates. (0e440cb6) · Commits · GNOME / GIMP · GitLabPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/37040
Broken Link;Third Party Advisory;VDB Entry
Jump to