CVE-2009-3909
Title: Gimp RCE
RCE
Proof Of Concept
No public PoC currently indexed for CVE-2009-3909.
CWE Category
CWE-190
Published Date
Nov 19, 2009
Modified Date
Apr 09, 2025
Exploit Status
Not Found
Score
9.3
CVSS v2.0
Exploit Probability (EPSS)
6.71%
Vulnerability Summary
CVE-2009-3909: Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.
Impacted Vendors
Reference Links
http://git.gnome.org/cgit/gimp/commit/?id=0e440cb6d4d6ee029667363d244aff61b154c33c
http://git.gnome.org/cgit/gimp/commit/?id=9cc8d78ff33b7a36852b74e64b427489cad44d0e
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
http://osvdb.org/60178
http://rhn.redhat.com/errata/RHSA-2012-1181.html
http://secunia.com/advisories/37348
http://secunia.com/advisories/50737
http://secunia.com/secunia_research/2009-43/
http://security.gentoo.org/glsa/glsa-201209-23.xml
http://www.debian.org/security/2009/dsa-1941
http://www.mandriva.com/security/advisories?name=MDVSA-2009:332
http://www.securityfocus.com/archive/1/507928/100/0/threaded
http://www.securityfocus.com/bid/37040
http://www.vupen.com/english/advisories/2009/3270
http://www.vupen.com/english/advisories/2010/1021
https://bugzilla.gnome.org/show_bug.cgi?id=600741
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
9.3
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:M/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
No specific attack patterns mapped.
CVE-2009-3909 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.