CVE-2009-3909

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-3909 at MITRE

Description

Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 555166, 775429

SUSE Security Advisories:

SUSE-SR:2010:009, published Wed, 14 Apr 2010 13:00:00 +0000
openSUSE-SU-2010:0110-1, published Wed, 14 Apr 2010 17:08:13 +0200 (CEST)
openSUSE-SU-2010:0115-1, published Wed, 14 Apr 2010 17:08:22 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise 11 Moblin 2.0	`gimp-debuginfo >= 2.6.2-3.28.1` `gimp-debugsource >= 2.6.2-3.28.1`	SAT Patch Nr: 2156
SUSE Linux Enterprise 11 Moblin 2.0	`gimp >= 2.6.2-3.28.1` `gimp-branding-upstream >= 2.6.2-3.28.1` `gimp-lang >= 2.6.2-3.28.1`	SAT Patch Nr: 2156
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86 SUSE Linux Enterprise SDK 10 SP3	`gimp >= 2.2.10-22.33.1`	sle10-sp3-sdk.ia64 sled10-sp3.x86-64 sle10-sp3-sdk.x86 sle10-sp3-sdk.ia64 sle10-sp3-sdk.s390x sle10-sp3-sdk.x86 sle10-sp3-sdk.ppc sled10-sp3.x86 sle10-sp3-sdk.x86-64 sle10-sp3-sdk.ppc sled10-sp3.x86 sle10-sp3-sdk.x86-64 sled10-sp3.x86-64 sle10-sp3-sdk.s390x ZYPP Patch Nr: 6880
SUSE Linux Enterprise SDK 10 SP2	`gimp >= 2.2.10-22.33.1` `gimp-devel >= 2.2.10-22.33.1`	sled10-sp2.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86 sle10-sp2-sdk.ia64 sled10-sp2.x86 sle10-sp2-sdk.x86-64 sle10-sp2-sdk.s390x ZYPP Patch Nr: 6882
SUSE Linux Enterprise SDK 10 SP2	`gimp >= 2.2.10-22.32` `gimp-devel >= 2.2.10-22.32`	sled10-sp2.x86-64 sle10-sp2-sdk.ppc sle10-sp2-sdk.x86 sle10-sp2-sdk.ia64 sled10-sp2.x86 sle10-sp2-sdk.x86-64 sle10-sp2-sdk.s390x ZYPP Patch Nr: 6882
SUSE Linux Enterprise 11 GA DEBUGINFO	`gimp-debuginfo >= 2.6.2-3.28.1` `gimp-debugsource >= 2.6.2-3.28.1`	sled11.x86 sle11-sdk.x86 sle11-sdk.ppc sle11-sdk.x86-64 sle11-sdk.s390x sle11-sdk.ia64 sled11.x86-64 SAT Patch Nr: 2155
SUSE Linux Enterprise SDK 11 GA	`gimp >= 2.6.2-3.28.1` `gimp-devel >= 2.6.2-3.28.1` `gimp-lang >= 2.6.2-3.28.1` `gimp-plugins-python >= 2.6.2-3.28.1`	sled11.x86 sle11-sdk.x86 sle11-sdk.ppc sle11-sdk.x86-64 sle11-sdk.s390x sle11-sdk.ia64 sled11.x86-64 SAT Patch Nr: 2155
SUSE Linux Enterprise Desktop 11 GA	`gimp >= 2.6.2-3.28.1` `gimp-lang >= 2.6.2-3.28.1` `gimp-plugins-python >= 2.6.2-3.28.1`	sled11.x86 sle11-sdk.x86 sle11-sdk.ppc sle11-sdk.x86-64 sle11-sdk.s390x sle11-sdk.ia64 sled11.x86-64 SAT Patch Nr: 2155
SUSE Linux Enterprise 11 Moblin 2.1 DEBUGINFO	`gimp-debuginfo >= 2.6.2-3.28.1` `gimp-debugsource >= 2.6.2-3.28.1`	SAT Patch Nr: 2157
SUSE Linux Enterprise 11 Moblin 2.1	`gimp >= 2.6.2-3.28.1` `gimp-branding-upstream >= 2.6.2-3.28.1` `gimp-lang >= 2.6.2-3.28.1`	SAT Patch Nr: 2157
openSUSE 11.0	`gimp-debuginfo >= 2.4.5-41.2` `gimp-debugsource >= 2.4.5-41.2`
openSUSE 11.0	`gimp >= 2.4.5-41.2` `gimp-branding-upstream >= 2.4.5-41.2` `gimp-devel >= 2.4.5-41.2` `gimp-doc >= 2.4.5-41.2` `gimp-plugins-python >= 2.4.5-41.2`
openSUSE 11.2	`gimp-debuginfo >= 2.6.8-1.1.1` `gimp-debugsource >= 2.6.8-1.1.1` `gimp-devel-debuginfo >= 2.6.8-1.1.1` `gimp-help-browser-debuginfo >= 2.6.8-1.1.1` `gimp-plugins-python-debuginfo >= 2.6.8-1.1.1`
openSUSE 11.2	`gimp >= 2.6.8-1.1.1` `gimp-branding-upstream >= 2.6.8-1.1.1` `gimp-devel >= 2.6.8-1.1.1` `gimp-help-browser >= 2.6.8-1.1.1` `gimp-lang >= 2.6.8-1.1.1` `gimp-plugins-python >= 2.6.8-1.1.1`
openSUSE 11.1	`gimp-debuginfo >= 2.6.2-2.19.1` `gimp-debugsource >= 2.6.2-2.19.1`
openSUSE 11.1	`gimp >= 2.6.2-2.19.1` `gimp-branding-upstream >= 2.6.2-2.19.1` `gimp-devel >= 2.6.2-2.19.1` `gimp-doc >= 2.6.2-2.19.1` `gimp-lang >= 2.6.2-2.19.1` `gimp-plugins-python >= 2.6.2-2.19.1`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy