Fluid Attacks Database

Description

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	gimp	>=0 <2.2.16-1	2.2.16-1
debian 14	gimp	>=0 <2.2.16-1	2.2.16-1
debian 13	gimp	>=0 <2.2.16-1	2.2.16-1
debian 11	gimp	>=0 <2.2.16-1	2.2.16-1
rpm rhel5	gimp	<2:2.2.13-2.0.7.el5	2:2.2.13-2.0.7.el5

Aliases

1. CVE-2007-29492. NVD-2007-29493. OSV-DEBIAN-2007-29494. OSV-2007-29495. SECURITY-TRACKER-CVE-2007-2949

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.