Vulnerability Details CVE-2007-3741
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/42128
- http://osvdb.org/42129
- http://osvdb.org/42130
- http://osvdb.org/42131
- http://secunia.com/advisories/26575
- http://secunia.com/advisories/26939
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:170
- http://www.redhat.com/support/errata/RHSA-2007-0513.html
- http://www.securityfocus.com/bid/25424
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10099
- http://osvdb.org/42128
- http://osvdb.org/42129
- http://osvdb.org/42130
- http://osvdb.org/42131
- http://secunia.com/advisories/26575
- http://secunia.com/advisories/26939
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:170
- http://www.redhat.com/support/errata/RHSA-2007-0513.html
- http://www.securityfocus.com/bid/25424
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10099
Products affected by CVE-2007-3741
-
cpe:2.3:a:gnu:gimp:-
-
cpe:2.3:a:gnu:gimp:2.6.11
-
cpe:2.3:a:gnu:gimp:2.6.8
-
cpe:2.3:o:mandriva:linux:-
-
cpe:2.3:o:mandriva:linux:10.1
-
cpe:2.3:o:mandriva:linux:10.2
-
cpe:2.3:o:mandriva:linux:2006.0
-
cpe:2.3:o:mandriva:linux:2008.0
-
cpe:2.3:o:mandriva:linux:2008.1
-
cpe:2.3:o:mandriva:linux:2009.0