The client provides graphical and command line tools for a large
number of operating systems. Also available is a suite of plugins
that integrate with various programming IDEs and third party
applications, such as XCode, Autodesk 3D Studio Max, Alias Maya,
Adobe Photoshop, Microsoft Office, Eclipse and Emacs.
Other features of the system include support for reporting
(i.e. notifying users when a file has changed), branching and
merging, and defect tracking."
Description:
DynPG is used to upload and manage dynamic web content similar to other content management systems.
DynPG however differs from other CMS, because it is embedded directly into websites.
The software was originally developed to realize designs that are created with Adobe Photoshop, Adobe Fireworks, Adobe Illustrator or any other graphics software.
The layout is created with an editor like Adobe Dreamweaver or Adobe GoLive or even as simple code.
After that, code snippets are placed at those points, where dynamically generated content (like articles, galleries, blogs or other dynamic content) shall be generated.
It provides a convenient way to extend existing websites with dynamic content. DynPG provides a template engine, but also supports existing CSS layouts.
########################################################
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a sign-extension error when processing
certain PSD images, which can be exploited to cause a heap-based
buffer overflow by tricking a user into opening a specially crafted
PSD file.
Successful exploitation may allow execution of arbitrary code.
======================================================================
5) Solution
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error when processing
certain RLE compressed PSD images and can be exploited to cause a
heap-based buffer overflow by tricking a user into opening a specially
crafted PSD file.
Successful exploitation may allow execution of arbitrary code.
======================================================================
5) Solution
A vulnerability was discovered and corrected in gimp:
Integer overflow in the read_channel_data function in
plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers
to execute arbitrary code via a crafted PSD file that triggers a
heap-based buffer overflow (CVE-2009-3909).
Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was
incomplete, this update corrects this as well.
via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP,
(5) Sun RAS, (6) XBM, and (7) XWD files. (CVE-2006-4519)
Integer overflow in the seek_to_and_unpack_pixeldata function in
the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute
arbitrary code via a crafted PSD file that contains a large (1)
width or (2) height value. (CVE-2007-2949)
Victor Stinner has discovered several flaws in file plug-ins using
his fuzzyfier tool fusil. Several modified image files cause the
plug-ins to crash or consume excessive amounts of memory due to
malformed BMP files. If a user were tricked into opening a specially
crafted BMP file, an attacker could execute arbitrary code with the user's
privileges. (CVE-2009-1570)
Stefan Cornelius discovered that GIMP did not correctly handle certain
malformed PSD files. If a user were tricked into opening a specially
crafted PSD file, an attacker could execute arbitrary code with the user's
privileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10.
(CVE-2009-3909)
A vulnerability was discovered and corrected in gimp:
Integer overflow in the read_channel_data function in
plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers
to execute arbitrary code via a crafted PSD file that triggers a
heap-based buffer overflow (CVE-2009-3909).
Additionally the patch for CVE-2009-1570 in MDVSA-2009:296 was
incomplete, this update corrects this as well.
system.
The vulnerability is caused by an integer overflow error within the
"read_channel_data()" function in plug-ins/file-psd/psd-load.c. This
can be exploited to cause a heap-based buffer overflow by e.g.
tricking a user into opening a specially crafted PSD file.
======================================================================
5) Solution
Fixed in the GIT repository.
