oss-sec mailing list archives

GIMP 2.10.36 fixed multiple image format parser vulnerabilities


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Mon, 20 Nov 2023 12:05:36 -0800

https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
reported:

Four vulnerabilities were reported by the Zero Day Initiative in code for the following formats and fixed immediately:

    DDS: ZDI-CAN-22093
    PSD: ZDI-CAN-22094
    PSP: ZDI-CAN-22096 and ZDI-CAN-22097

Additionally dependencies have been updated in our binary packages, and with them, some vulnerabilities recently reported in these libraries were fixed.

These vulnerabilities also had advisories released by ZDI which gave
the corresponding CVE ids:

ZDI-CAN-22093: CVE-2023-44441
 GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
 https://www.zerodayinitiative.com/advisories/ZDI-23-1592/

ZDI-CAN-22094: CVE-2023-44442
 GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
 https://www.zerodayinitiative.com/advisories/ZDI-23-1594/

ZDI-CAN-22096: CVE-2023-44443
 GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability
 https://www.zerodayinitiative.com/advisories/ZDI-23-1593/

ZDI-CAN-22097: CVE-2023-44444
 GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability
 https://www.zerodayinitiative.com/advisories/ZDI-23-1591/

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

