Vulnerability details: VCID-3sy4-pz5f-aaak
Vulnerability ID VCID-3sy4-pz5f-aaak
Aliases CVE-2009-1570
Summary Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Weaknesses (1)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2011:0837
rhas Moderate https://access.redhat.com/errata/RHSA-2011:0838
epss 0.0308 https://api.first.org/data/v1/epss?cve=CVE-2009-1570
epss 0.06504 https://api.first.org/data/v1/epss?cve=CVE-2009-1570
epss 0.10106 https://api.first.org/data/v1/epss?cve=CVE-2009-1570
epss 0.34047 https://api.first.org/data/v1/epss?cve=CVE-2009-1570
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=537356
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2009-1570
Reference id Reference type URL
http://git.gnome.org/cgit/gimp/commit/?h=gimp-2-6&id=df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbe
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1570.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1570
https://bugzilla.gnome.org/show_bug.cgi?id=600484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570
http://secunia.com/advisories/37232
http://secunia.com/advisories/50737
http://secunia.com/secunia_research/2009-42/
http://security.gentoo.org/glsa/glsa-201209-23.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/54254
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290
http://www.osvdb.org/59930
http://www.redhat.com/support/errata/RHSA-2011-0837.html
http://www.redhat.com/support/errata/RHSA-2011-0838.html
http://www.securityfocus.com/archive/1/507813/100/0/threaded
http://www.securityfocus.com/bid/37006
http://www.vupen.com/english/advisories/2009/3228
http://www.vupen.com/english/advisories/2009/3564
http://www.vupen.com/english/advisories/2010/1021
537356 https://bugzilla.redhat.com/show_bug.cgi?id=537356
555929 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555929
cpe:2.3:a:gimp:gimp:2.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.6.7:*:*:*:*:*:*:*
CVE-2009-1570 https://nvd.nist.gov/vuln/detail/CVE-2009-1570
GLSA-201209-23 https://security.gentoo.org/glsa/201209-23
RHSA-2011:0837 https://access.redhat.com/errata/RHSA-2011:0837
RHSA-2011:0838 https://access.redhat.com/errata/RHSA-2011:0838
USN-880-1 https://usn.ubuntu.com/880-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1570
Exploitability (E): not_defined (no temporal metric is present in the vector)
Access Vector (AV): network
Access Complexity (AC): medium
Authentication (Au): none
Confidentiality Impact (C): complete
Integrity Impact (I): complete
Availability Impact (A): complete

Exploit Prediction Scoring System (EPSS)
Percentile 0.85582
EPSS Score 0.0308
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.