CVE-2007-2356

Exploit

EPSS 32.46%
Veröffentlicht 30.04.2007 22:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 30

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gimp ≫ Gimp Version2.2.14

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	32.46%	0.964

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://secunia.com/advisories/28114

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1

Third Party Advisory

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1

Third Party Advisory

Broken Link

http://www.vupen.com/english/advisories/2007/4241

Vendor Advisory

Broken Link

http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html

Third Party Advisory

http://secunia.com/advisories/25239

Broken Link

http://secunia.com/advisories/25012

Broken Link

http://secunia.com/advisories/25111

Broken Link

http://secunia.com/advisories/25167

Broken Link

http://secunia.com/advisories/25346

Broken Link

http://secunia.com/advisories/25359

Broken Link

http://secunia.com/advisories/25466

Broken Link

http://secunia.com/advisories/25573

Broken Link

http://security.gentoo.org/glsa/glsa-200705-08.xml

Third Party Advisory

http://www.debian.org/security/2007/dsa-1301

Patch

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:108

Broken Link

http://www.redhat.com/support/errata/RHSA-2007-0343.html

Patch

Third Party Advisory

http://www.securityfocus.com/archive/1/467231/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/23680

Patch

Third Party Advisory

Exploit

VDB Entry

http://www.securitytracker.com/id?1018092

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-467-1

Third Party Advisory

http://www.vupen.com/english/advisories/2007/1560

Vendor Advisory

Broken Link

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238422

Third Party Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/33911

Third Party Advisory

VDB Entry

https://issues.rpath.com/browse/RPL-1318

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10054

Tool Signature

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5960

Tool Signature

https://nvd.nist.gov/vuln/detail/CVE-2007-2356

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2356

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2356

EUVD