CVE-2007-3126

Summary

CVE	CVE-2007-3126
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-06-08 00:30:00 UTC
Updated	2022-02-07 17:28:00 UTC
Description	Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gimp	Gimp	All	All	All	All
Application	The Gimp Team	Gimp	2.3.14	All	All	All
Application	The Gimp Team	Gimp	2.3.14	All	All	All

References

Reference	Source	Link	Tags
SecurityFocus	BUGTRAQ	www.securityfocus.com
43453	OSVDB	osvdb.org
Bug 773233 - CVE-2007-3126 - Gimp 2.3.14 allows context-dependent attackers... (323ecb73) · Commits · GNOME / GIMP · GitLab	CONFIRM	git.gnome.org
Bug 778604 – CVE-2007-3126 - Gimp 2.3.14 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero,	CONFIRM	bugzilla.gnome.org
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
GIMP 2.8.22 Released - GIMP	CONFIRM	www.gimp.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Mandriva	2007-09-17	Vincent Danen	Mandriva does not consider a user-assisted crash of an end-user application such as the GIMP to be a security issue.
Red Hat	2007-06-29	Joshua Bressers	Red Hat does not consider a user-assisted crash of a user application such as GIMP to be a security issue.

There are currently no legacy QID mappings associated with this CVE.