Red Hat Customer Portal

CVE-2009-3909

Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.

Details Source

Mitre

Statement

Vulnerable. This issue affects the gimp packages in Red Hat Enterprise Linux 4 and 5. This issue does not affect the gimp package in Red Hat Enterprise Linux 6.

Public Date

2009-11-17 00:00:00

Impact

Moderate

Bugzilla

CVE-2009-3909 Gimp: Integer overflow in the PSD image file plugin

Bugzilla ID

537370

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

Acknowledgements

Red Hat would like to thank Stefan Cornelius of Secunia Research for reporting this flaw.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 5 (gimp) | RHSA-2012:1181 | 2012-08-20

CWE

CWE-190

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 6 | gimp | Not affected
Red Hat Enterprise Linux 4 | gimp | Will not fix