CVE-2007-2949

Description

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

How to fix CVE-2007-2949

To remediate CVE-2007-2949, upgrade the affected package to a fixed version below.

• Debian/gimp—upgrade to 2.2.16-1 or later

Is CVE-2007-2949 being exploited?

Moderate — EPSS is 34.8%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 2.2.16-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-2949