Search for vulnerabilities
Vulnerability details: VCID-ewcc-z89w-aaad
Vulnerability ID VCID-ewcc-z89w-aaad
Aliases CVE-2007-2356
Summary Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0343
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.05161 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.29984 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.29984 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.29984 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.32457 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.42611 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.4304 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=238420
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-2356
Reference id Reference type URL
http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2356.json
https://api.first.org/data/v1/epss?cve=CVE-2007-2356
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356
http://secunia.com/advisories/25012
http://secunia.com/advisories/25111
http://secunia.com/advisories/25167
http://secunia.com/advisories/25239
http://secunia.com/advisories/25346
http://secunia.com/advisories/25359
http://secunia.com/advisories/25466
http://secunia.com/advisories/25573
http://secunia.com/advisories/28114
http://security.gentoo.org/glsa/glsa-200705-08.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/33911
https://issues.rpath.com/browse/RPL-1318
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10054
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5960
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103170-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201320-1
http://www.debian.org/security/2007/dsa-1301
http://www.mandriva.com/security/advisories?name=MDKSA-2007:108
http://www.redhat.com/support/errata/RHSA-2007-0343.html
http://www.securityfocus.com/archive/1/467231/100/0/threaded
http://www.securityfocus.com/bid/23680
http://www.securitytracker.com/id?1018092
http://www.ubuntu.com/usn/usn-467-1
http://www.vupen.com/english/advisories/2007/1560
http://www.vupen.com/english/advisories/2007/4241
238420 https://bugzilla.redhat.com/show_bug.cgi?id=238420
cpe:2.3:a:gimp:gimp:2.2.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:2.2.14:*:*:*:*:*:*:*
CVE-2007-2356 https://nvd.nist.gov/vuln/detail/CVE-2007-2356
GLSA-200705-08 https://security.gentoo.org/glsa/200705-08
OSVDB-35417;CVE-2007-2356 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/3801.c
OSVDB-35417;CVE-2007-2356 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/local/3888.c
RHSA-2007:0343 https://access.redhat.com/errata/RHSA-2007:0343
USN-467-1 https://usn.ubuntu.com/467-1/
Data source Exploit-DB
Date added May 8, 2007
Description GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow
Ransomware campaign use Known
Source publication date May 9, 2007
Exploit type local
Platform windows_x86
Source update date Jan. 31, 2017
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-2356
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.93190
EPSS Score 0.05161
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.