CVE-2007-3741

Description

The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.

How to fix CVE-2007-3741

To remediate CVE-2007-3741, upgrade the affected package to a fixed version below.

• Debian/gimp—upgrade to 2.2.17-1 or later

Is CVE-2007-3741 being exploited?

Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.2.17-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-3741