Bug 1032241 - (CVE-2007-3126) VUL-1: CVE-2007-3126: gimp: Gimp 2.3.14 allows context-dependent attackers to cause a denial of service (crash) via an ICO file ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/32819/
CVSSv2:SUSE:CVE-2007-3126:2.9:(AV:A/A...
Reported: 2017-04-04 07:31 UTC by Alexander Bergmann
Modified: 2020-06-29 06:28 UTC
Found By: Security Response Team
Description Alexander Bergmann 2017-04-04 07:31:45 UTC
This bug was opened for referencing CVE-2007-3126.

Gimp 2.3.14 allows context-dependent attackers to cause a denial of service
(crash) via an ICO file with an InfoHeader containing a Height of zero, a
similar issue to CVE-2007-2237.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3126
http://people.canonical.com/~ubuntu-security/cve/2007/CVE-2007-3126.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3126
http://www.securityfocus.com/archive/1/archive/1/470751/100/0/threaded
http://osvdb.org/43453
http://xforce.iss.net/xforce/xfdb/34789
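
A pre-load check for the input described above, as an added example (not GIMP's code and not the SUSE patch): it walks the ICO directory and refuses any entry whose InfoHeader Height is zero. It goes beyond the report by also rejecting a zero Width, negative dimensions and out-of-bounds offsets; `ico_check`, `ico_sample` and the sample bytes are constructed for illustration, and PNG-encoded entries are not handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian field readers; callers bounds-check before use. */
static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Returns 0 if every entry's InfoHeader is usable, -1 if the file is truncated
 * or malformed, -2 if an InfoHeader has a Height or Width of zero or less. */
int ico_check(const uint8_t *buf, size_t len) {
    if (len < 6 || rd16(buf) != 0 || rd16(buf + 2) != 1)
        return -1;                          /* ICONDIR: reserved=0, type=1 */
    size_t count = rd16(buf + 4);
    if (count == 0 || len < 6 + count * 16)
        return -1;                          /* directory must fit in the file */
    for (size_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 6 + i * 16;        /* 16-byte ICONDIRENTRY */
        size_t size = rd32(e + 8), off = rd32(e + 12);
        if (off > len || size > len - off || size < 40)
            return -1;                      /* image data out of bounds */
        const uint8_t *h = buf + off;       /* 40-byte InfoHeader */
        if (rd32(h) != 40)
            return -1;                      /* PNG or unknown header: not handled */
        int32_t width = (int32_t)rd32(h + 4), height = (int32_t)rd32(h + 8);
        if (width <= 0 || height <= 0)
            return -2;                      /* zero Height, as in this report */
    }
    return 0;
}

/* Constructed sample: a one-entry ICO that holds only an InfoHeader. */
size_t ico_sample(uint8_t out[62], int32_t height) {
    memset(out, 0, 62);
    out[2] = 1; out[4] = 1;                 /* type=1, count=1 */
    out[14] = 40; out[18] = 22;             /* entry: size=40, offset=22 */
    out[22] = 40; out[26] = 16;             /* biSize=40, biWidth=16 */
    for (int i = 0; i < 4; i++)             /* biHeight, little-endian */
        out[30 + i] = (uint8_t)((uint32_t)height >> (8 * i));
    return 62;
}

int main(void) {
    uint8_t b[62];
    printf("height 32: %d\n", ico_check(b, ico_sample(b, 32)));
    printf("height 0:  %d\n", ico_check(b, ico_sample(b, 0)));
    return 0;
}
```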
Comment 2 Antonio Larrosa 2017-04-04 08:54:13 UTC
Fixed with http://build.suse.de/request/show/130341 for SLE12-SP2
Comment 4 Bernhard Wiedemann 2017-04-04 10:01:04 UTC
This is an autogenerated message for OBS integration:
This bug (1032241) was mentioned in
https://build.opensuse.org/request/show/485060 42.2 / gimp
Comment 5 Swamp Workflow Management 2017-04-05 19:08:27 UTC
SUSE-SU-2017:0945-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1025717,1032241
CVE References: CVE-2007-3126
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    gimp-2.8.18-8.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    gimp-2.8.18-8.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    gimp-2.8.18-8.1
Comment 6 Swamp Workflow Management 2017-04-12 16:14:40 UTC
openSUSE-SU-2017:0994-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1025717,1032241
CVE References: CVE-2007-3126
Sources used:
openSUSE Leap 42.2 (src):    gimp-2.8.18-2.3.1
Comment 7 Marcus Meissner 2018-02-12 21:07:14 UTC
released