NVD

CVE-2007-2949 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Description

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 6.8 MEDIUM

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://issues.foresightlinux.org/browse/FL-457	CVE, Flexera Software LLC	Broken Link
http://osvdb.org/37804	CVE, Flexera Software LLC	Broken Link
http://secunia.com/advisories/25677	CVE, Flexera Software LLC	Broken Link Patch
http://secunia.com/advisories/25949	CVE, Flexera Software LLC	Broken Link
http://secunia.com/advisories/26044	CVE, Flexera Software LLC	Broken Link
http://secunia.com/advisories/26132	CVE, Flexera Software LLC	Broken Link
http://secunia.com/advisories/26215	CVE, Flexera Software LLC	Broken Link
http://secunia.com/advisories/26384	CVE, Flexera Software LLC	Broken Link
http://secunia.com/advisories/26575	CVE, Flexera Software LLC	Broken Link
http://secunia.com/advisories/26939	CVE, Flexera Software LLC	Broken Link
http://secunia.com/advisories/28114	CVE, Flexera Software LLC	Broken Link
http://secunia.com/secunia_research/2007-63/advisory/	CVE, Flexera Software LLC	Broken Link Patch Vendor Advisory
http://security.gentoo.org/glsa/glsa-200707-09.xml	CVE, Flexera Software LLC	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1	CVE, Flexera Software LLC	Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1	CVE, Flexera Software LLC	Broken Link
http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798	CVE, Flexera Software LLC	Vendor Advisory
http://www.debian.org/security/2007/dsa-1335	CVE, Flexera Software LLC	Third Party Advisory
http://www.kb.cert.org/vuls/id/399896	CVE, Flexera Software LLC	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:170	CVE, Flexera Software LLC	Broken Link
http://www.novell.com/linux/security/advisories/2007_15_sr.html	CVE, Flexera Software LLC	Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0513.html	CVE, Flexera Software LLC	Broken Link
http://www.securityfocus.com/bid/24745	CVE, Flexera Software LLC	Broken Link Third Party Advisory VDB Entry
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191	CVE, Flexera Software LLC	Third Party Advisory
http://www.ubuntu.com/usn/usn-480-1	CVE, Flexera Software LLC	Third Party Advisory
http://www.vupen.com/english/advisories/2007/2421	CVE, Flexera Software LLC	Broken Link
http://www.vupen.com/english/advisories/2007/4241	CVE, Flexera Software LLC	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/35246	CVE, Flexera Software LLC	Third Party Advisory VDB Entry
https://issues.rpath.com/browse/RPL-1487	CVE, Flexera Software LLC	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276	CVE, Flexera Software LLC	Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772	CVE, Flexera Software LLC	Tool Signature

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-190	Integer Overflow or Wraparound	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

CVE Modified by CVE 11/20/2024 7:32:02 PM

Action	Type	New Value
Added	Reference	http://issues.foresightlinux.org/browse/FL-457
Added	Reference	http://osvdb.org/37804
Added	Reference	http://secunia.com/advisories/25677
Added	Reference	http://secunia.com/advisories/25949
Added	Reference	http://secunia.com/advisories/26044
Added	Reference	http://secunia.com/advisories/26132
Added	Reference	http://secunia.com/advisories/26215
Added	Reference	http://secunia.com/advisories/26384
Added	Reference	http://secunia.com/advisories/26575
Added	Reference	http://secunia.com/advisories/26939
Added	Reference	http://secunia.com/advisories/28114
Added	Reference	http://secunia.com/secunia_research/2007-63/advisory/
Added	Reference	http://security.gentoo.org/glsa/glsa-200707-09.xml
Added	Reference	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1
Added	Reference	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1
Added	Reference	http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798
Added	Reference	http://www.debian.org/security/2007/dsa-1335
Added	Reference	http://www.kb.cert.org/vuls/id/399896
Added	Reference	http://www.mandriva.com/security/advisories?name=MDKSA-2007:170
Added	Reference	http://www.novell.com/linux/security/advisories/2007_15_sr.html
Added	Reference	http://www.redhat.com/support/errata/RHSA-2007-0513.html
Added	Reference	http://www.securityfocus.com/bid/24745
Added	Reference	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191
Added	Reference	http://www.ubuntu.com/usn/usn-480-1
Added	Reference	http://www.vupen.com/english/advisories/2007/2421
Added	Reference	http://www.vupen.com/english/advisories/2007/4241
Added	Reference	https://exchange.xforce.ibmcloud.com/vulnerabilities/35246
Added	Reference	https://issues.rpath.com/browse/RPL-1487
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772

Modified Analysis by NIST 2/07/2022 12:48:32 PM

Action	Type	Old Value	New Value
Added	CWE		NIST CWE-190
Removed	CWE	NIST NVD-CWE-Other
Changed	CPE Configuration	AND OR cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::amd64::::: cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::i386::::: cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::powerpc::::: cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::sparc::::: cpe:2.3:o:ubuntu:ubuntu_linux:6.10::amd64::::: cpe:2.3:o:ubuntu:ubuntu_linux:6.10::i386::::: cpe:2.3:o:ubuntu:ubuntu_linux:6.10::powerpc::::: cpe:2.3:o:ubuntu:ubuntu_linux:6.10::sparc::::: cpe:2.3:o:ubuntu:ubuntu_linux:7.04::amd64::::: cpe:2.3:o:ubuntu:ubuntu_linux:7.04::i386::::: cpe:2.3:o:ubuntu:ubuntu_linux:7.04::powerpc::::: cpe:2.3:o:ubuntu:ubuntu_linux:7.04::sparc::::: OR cpe:2.3:a:the_gimp_team:gimp:1.2.5::::::: cpe:2.3:a:the_gimp_team:gimp:2.2.4::::::: cpe:2.3:a:the_gimp_team:gimp:2.2.6::::::: cpe:2.3:a:the_gimp_team:gimp:2.2.8::::::: cpe:2.3:a:the_gimp_team:gimp:2.2.10::::::: cpe:2.3:a:the_gimp_team:gimp:2.2.11::::::: cpe:2.3:a:the_gimp_team:gimp:2.2.12::::::: cpe:2.3:a:the_gimp_team:gimp:2.2.14::::::: cpe:2.3:a:the_gimp_team:gimp:2.2.15:::::::	OR cpe:2.3:a:gimp:gimp::::::::* versions up to (including) 2.2.15
Added	CPE Configuration		OR cpe:2.3:o:canonical:ubuntu_linux:6.06::::::: cpe:2.3:o:canonical:ubuntu_linux:6.10::::::: cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::
Changed	Reference Type	http://issues.foresightlinux.org/browse/FL-457 No Types Assigned	http://issues.foresightlinux.org/browse/FL-457 Broken Link
Changed	Reference Type	http://osvdb.org/37804 No Types Assigned	http://osvdb.org/37804 Broken Link
Changed	Reference Type	http://secunia.com/advisories/25677 Patch, Vendor Advisory	http://secunia.com/advisories/25677 Broken Link, Patch
Changed	Reference Type	http://secunia.com/advisories/25949 No Types Assigned	http://secunia.com/advisories/25949 Broken Link
Changed	Reference Type	http://secunia.com/advisories/26044 No Types Assigned	http://secunia.com/advisories/26044 Broken Link
Changed	Reference Type	http://secunia.com/advisories/26132 No Types Assigned	http://secunia.com/advisories/26132 Broken Link
Changed	Reference Type	http://secunia.com/advisories/26215 No Types Assigned	http://secunia.com/advisories/26215 Broken Link
Changed	Reference Type	http://secunia.com/advisories/26384 No Types Assigned	http://secunia.com/advisories/26384 Broken Link
Changed	Reference Type	http://secunia.com/advisories/26575 No Types Assigned	http://secunia.com/advisories/26575 Broken Link
Changed	Reference Type	http://secunia.com/advisories/26939 No Types Assigned	http://secunia.com/advisories/26939 Broken Link
Changed	Reference Type	http://secunia.com/advisories/28114 No Types Assigned	http://secunia.com/advisories/28114 Broken Link
Changed	Reference Type	http://secunia.com/secunia_research/2007-63/advisory/ Patch, Vendor Advisory	http://secunia.com/secunia_research/2007-63/advisory/ Broken Link, Patch, Vendor Advisory
Changed	Reference Type	http://security.gentoo.org/glsa/glsa-200707-09.xml No Types Assigned	http://security.gentoo.org/glsa/glsa-200707-09.xml Third Party Advisory
Changed	Reference Type	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1 No Types Assigned	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1 Broken Link
Changed	Reference Type	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1 No Types Assigned	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1 Broken Link
Changed	Reference Type	http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798 No Types Assigned	http://svn.gnome.org/viewcvs/gimp?view=revision&revision=22798 Vendor Advisory
Changed	Reference Type	http://www.debian.org/security/2007/dsa-1335 No Types Assigned	http://www.debian.org/security/2007/dsa-1335 Third Party Advisory
Changed	Reference Type	http://www.kb.cert.org/vuls/id/399896 US Government Resource	http://www.kb.cert.org/vuls/id/399896 Third Party Advisory, US Government Resource
Changed	Reference Type	http://www.mandriva.com/security/advisories?name=MDKSA-2007:170 No Types Assigned	http://www.mandriva.com/security/advisories?name=MDKSA-2007:170 Broken Link
Changed	Reference Type	http://www.novell.com/linux/security/advisories/2007_15_sr.html No Types Assigned	http://www.novell.com/linux/security/advisories/2007_15_sr.html Broken Link
Changed	Reference Type	http://www.redhat.com/support/errata/RHSA-2007-0513.html No Types Assigned	http://www.redhat.com/support/errata/RHSA-2007-0513.html Broken Link
Changed	Reference Type	http://www.securityfocus.com/bid/24745 No Types Assigned	http://www.securityfocus.com/bid/24745 Broken Link, Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191 No Types Assigned	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.360191 Third Party Advisory
Changed	Reference Type	http://www.ubuntu.com/usn/usn-480-1 No Types Assigned	http://www.ubuntu.com/usn/usn-480-1 Third Party Advisory
Changed	Reference Type	http://www.vupen.com/english/advisories/2007/2421 No Types Assigned	http://www.vupen.com/english/advisories/2007/2421 Broken Link
Changed	Reference Type	http://www.vupen.com/english/advisories/2007/4241 No Types Assigned	http://www.vupen.com/english/advisories/2007/4241 Broken Link
Changed	Reference Type	https://exchange.xforce.ibmcloud.com/vulnerabilities/35246 No Types Assigned	https://exchange.xforce.ibmcloud.com/vulnerabilities/35246 Third Party Advisory, VDB Entry
Changed	Reference Type	https://issues.rpath.com/browse/RPL-1487 No Types Assigned	https://issues.rpath.com/browse/RPL-1487 Broken Link
Changed	Reference Type	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276 No Types Assigned	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11276 Tool Signature
Changed	Reference Type	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772 No Types Assigned	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5772 Tool Signature

Quick Info

CVE Dictionary Entry:
CVE-2007-2949
NVD Published Date:
07/04/2007
NVD Last Modified:
04/08/2025
Source:
Flexera Software LLC

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2007-2949 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 7:32:02 PM

CVE Modified by Flexera Software LLC 5/13/2024 9:45:41 PM

Modified Analysis by NIST 2/07/2022 12:48:32 PM

CVE Modified by Flexera Software LLC 10/10/2017 9:32:29 PM

CVE Modified by Flexera Software LLC 7/28/2017 9:31:51 PM

Initial CVE Analysis 7/05/2007 2:40:00 PM

Quick Info