cve-2007-3126
Vulnerability from cvelistv5
Published
2007-06-08 00:00
Modified
2024-08-07 14:05
Severity ?
Summary
Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.
References
cve@mitre.orghttp://osvdb.org/43453Broken Link
cve@mitre.orghttp://www.securityfocus.com/archive/1/470751/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttps://bugzilla.gnome.org/show_bug.cgi?id=778604Issue Tracking, Third Party Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/34789Third Party Advisory, VDB Entry
cve@mitre.orghttps://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7Patch, Vendor Advisory
cve@mitre.orghttps://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/43453Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/470751/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.gnome.org/show_bug.cgi?id=778604Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/34789Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/Vendor Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:05:28.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43453",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/43453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778604"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7"
          },
          {
            "name": "20070607 Re: CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/470751/100/0/threaded"
          },
          {
            "name": "gimp-ico-file-dos(34789)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43453",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/43453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778604"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7"
        },
        {
          "name": "20070607 Re: CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/470751/100/0/threaded"
        },
        {
          "name": "gimp-ico-file-dos(34789)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43453",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/43453"
            },
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=778604",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778604"
            },
            {
              "name": "https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7",
              "refsource": "CONFIRM",
              "url": "https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7"
            },
            {
              "name": "20070607 Re: CSIS Advisory: Microsoft GDI+ Integer division by zero flaw handling .ICO files",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/470751/100/0/threaded"
            },
            {
              "name": "gimp-ico-file-dos(34789)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34789"
            },
            {
              "name": "https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/",
              "refsource": "CONFIRM",
              "url": "https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3126",
    "datePublished": "2007-06-08T00:00:00",
    "dateReserved": "2007-06-07T00:00:00",
    "dateUpdated": "2024-08-07T14:05:28.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.8.22\", \"matchCriteriaId\": \"2C488890-3699-42F7-983D-8CB9D0396F16\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.\"}, {\"lang\": \"es\", \"value\": \"Gimp anterior a la versi\\u00f3n 2.8.22 permite a los atacantes dependiendo del contexto causar una denegaci\\u00f3n de servicio (bloqueo) por medio de un archivo ICO con un InfoHeader que contiene una altura de cero, este es un problema similar al CVE-2007-2237.\"}]",
      "id": "CVE-2007-3126",
      "lastModified": "2024-11-21T00:32:27.877",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-06-08T00:30:00.000",
      "references": "[{\"url\": \"http://osvdb.org/43453\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/470751/100/0/threaded\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.gnome.org/show_bug.cgi?id=778604\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34789\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/43453\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/470751/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.gnome.org/show_bug.cgi?id=778604\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34789\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Mandriva\", \"comment\": \"Mandriva does not consider a user-assisted crash of an end-user application such as the GIMP to be a security issue.\", \"lastModified\": \"2007-09-17T00:00:00\"}, {\"organization\": \"Red Hat\", \"comment\": \"Red Hat does not consider a user-assisted crash of a user application such as GIMP to be a security issue.\", \"lastModified\": \"2007-06-29T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3126\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-06-08T00:30:00.000\",\"lastModified\":\"2024-11-21T00:32:27.877\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.\"},{\"lang\":\"es\",\"value\":\"Gimp anterior a la versi\u00f3n 2.8.22 permite a los atacantes dependiendo del contexto causar una denegaci\u00f3n de servicio (bloqueo) por medio de un archivo ICO con un InfoHeader que contiene una altura de cero, este es un problema similar al CVE-2007-2237.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.8.22\",\"matchCriteriaId\":\"2C488890-3699-42F7-983D-8CB9D0396F16\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/43453\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/470751/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=778604\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34789\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/43453\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/archive/1/470751/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.gnome.org/show_bug.cgi?id=778604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34789\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.gimp.org/news/2017/05/11/gimp-2-8-22-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}],\"vendorComments\":[{\"organization\":\"Mandriva\",\"comment\":\"Mandriva does not consider a user-assisted crash of an end-user application such as the GIMP to be a security issue.\",\"lastModified\":\"2007-09-17T00:00:00\"},{\"organization\":\"Red Hat\",\"comment\":\"Red Hat does not consider a user-assisted crash of a user application such as GIMP to be a security issue.\",\"lastModified\":\"2007-06-29T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.