[3.7] gimp: Multiple vulnerabilities (CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789)
CVE-2017-17784: In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
References:
http://openwall.com/lists/oss-security/2017/12/20/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17784
Patch:
https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270
CVE-2017-17785: In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
References:
http://openwall.com/lists/oss-security/2017/12/20/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17785
Patch:
https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54
CVE-2017-17786: In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
References:
http://openwall.com/lists/oss-security/2017/12/20/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17786
Patches:
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=ef9c821fff8b637a2178eab1c78cae6764c50e12
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366
CVE-2017-17787: In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
References:
http://openwall.com/lists/oss-security/2017/12/20/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17787
Patch:
https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d
CVE-2017-17788: In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no ‘\0’ character after the version string.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-17788
http://openwall.com/lists/oss-security/2017/12/20/1
Patch:
https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126
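The bug class behind CVE-2017-17788 (a fixed-size header read from a file and then treated as a C string), shown as an added illustration that is not taken from GIMP's source or from the linked patch. The 14-byte header layout, the magic string and both function names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN   14            /* assumed: 9-byte magic + 4-byte version tag + '\0' */
#define MAGIC     "gimp xcf "   /* assumed magic prefix */
#define MAGIC_LEN 9

/* Unchecked form (hypothetical): treats the header tail as a C string. If the
 * file supplies no '\0' in the last byte, strcmp() and atoi() keep reading
 * past the end of the caller's buffer. Only safe on terminated input. */
int parse_version_unchecked(const char *id)
{
    if (strncmp(id, MAGIC, MAGIC_LEN) != 0) return -1;
    if (strcmp(id + MAGIC_LEN, "file") == 0) return 0;
    if (id[MAGIC_LEN] == 'v') return atoi(id + MAGIC_LEN + 1);
    return -1;
}

/* Checked form (hypothetical): bounded reads only, and the terminator is
 * validated explicitly. Returns -1 for any malformed header. */
int parse_version_checked(const unsigned char *id, size_t len)
{
    if (len < HDR_LEN) return -1;                        /* short read */
    if (memcmp(id, MAGIC, MAGIC_LEN) != 0) return -1;    /* wrong magic */
    if (id[HDR_LEN - 1] != '\0') return -1;              /* missing terminator */
    if (memcmp(id + MAGIC_LEN, "file", 4) == 0) return 0;
    if (id[MAGIC_LEN] != 'v') return -1;
    int version = 0;
    for (size_t i = MAGIC_LEN + 1; i < HDR_LEN - 1; i++) {
        if (id[i] < '0' || id[i] > '9') return -1;       /* digits only */
        version = version * 10 + (id[i] - '0');
    }
    return version;
}

int main(void)
{
    /* Constructed sample headers, not taken from real files. */
    unsigned char ok[HDR_LEN] = "gimp xcf v003";   /* 13 chars + '\0' */
    unsigned char bad[HDR_LEN];
    memcpy(bad, "gimp xcf v003A", HDR_LEN);        /* no '\0' in the buffer */
    printf("terminated header   -> %d\n", parse_version_checked(ok, sizeof ok));
    printf("unterminated header -> %d\n", parse_version_checked(bad, sizeof bad));
    return 0;
}
```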
CVE-2017-17789: In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-17789
http://openwall.com/lists/oss-security/2017/12/20/1
Patch:
https://git.gnome.org/browse/gimp/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f
(from redmine: issue id 8351, created on 2017-12-26, closed on 2017-12-28)
- Relations:
- parent #8349 (closed)
- Changesets:
- Revision 743b8267 on 2017-12-28T08:38:51Z:
community/gimp: security fixes
CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17789
Fixes #8351
CVE-2017-17788 applies only to >= v2.9.6