[3.7) gimp: Multiple vulnerabilities (CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789) (#8351) · Issues · alpine / aports

[3.7) gimp: Multiple vulnerabilities (CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789)

CVE-2017-17784: In GIMP 2.8.22, there is a heap-based buffer over-read in load_image
in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

References:

http://openwall.com/lists/oss-security/2017/12/20/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17784

Patch:

https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270

CVE-2017-17785: In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

References:

http://openwall.com/lists/oss-security/2017/12/20/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17785

Patch:

https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54

CVE-2017-17786: In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c
(related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.

References:

http://openwall.com/lists/oss-security/2017/12/20/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17786

Patches:

https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=ef9c821fff8b637a2178eab1c78cae6764c50e12
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366

CVE-2017-17787: In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.

References:

http://openwall.com/lists/oss-security/2017/12/20/1
https://nvd.nist.gov/vuln/detail/CVE-2017-17787

Patch:

https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d

CVE-2017-17788: In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream
in app/xcf/xcf.c when there is no ‘\0’ character after the version string.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-17788
http://openwall.com/lists/oss-security/2017/12/20/1

Patch:

https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126

CVE-2017-17789: In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-17789
http://openwall.com/lists/oss-security/2017/12/20/1

Patch:

https://git.gnome.org/browse/gimp/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f

(from redmine: issue id 8351, created on 2017-12-26, closed on 2017-12-28)

Relations:
- parent #8349 (closed)
Changesets:
- Revision 743b8267 on 2017-12-28T08:38:51Z:

community/gimp: security fixes

CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17789

Fixes #8351

CVE-2017-17788 applies only to >= v2.9.6

**CVE-2017-17784**: In GIMP 2.8.22, there is a heap-based buffer
over-read in load\_image  
in plug-ins/common/file-gbr.c in the gbr import parser, related to
mishandling of UTF-8 data.

### References:

http://openwall.com/lists/oss-security/2017/12/20/1  
https://nvd.nist.gov/vuln/detail/CVE-2017-17784

### Patch:

https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270

**CVE-2017-17785**: In GIMP 2.8.22, there is a heap-based buffer
overflow in the fli\_read\_brun function in plug-ins/file-fli/fli.c.

### References:

http://openwall.com/lists/oss-security/2017/12/20/1  
https://nvd.nist.gov/vuln/detail/CVE-2017-17785

### Patch:

https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54

**CVE-2017-17786**: In GIMP 2.8.22, there is a heap-based buffer
over-read in ReadImage in plug-ins/common/file-tga.c  
(related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for
an RGBA image.

### References:

http://openwall.com/lists/oss-security/2017/12/20/1  
https://nvd.nist.gov/vuln/detail/CVE-2017-17786

### Patches:

https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=ef9c821fff8b637a2178eab1c78cae6764c50e12  
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366

**CVE-2017-17787**: In GIMP 2.8.22, there is a heap-based buffer
over-read in read\_creator\_block in plug-ins/common/file-psp.c.

### References:

http://openwall.com/lists/oss-security/2017/12/20/1  
https://nvd.nist.gov/vuln/detail/CVE-2017-17787

### Patch:

https://git.gnome.org/browse/gimp/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d

**CVE-2017-17788**: In GIMP 2.8.22, there is a stack-based buffer
over-read in xcf\_load\_stream  
in app/xcf/xcf.c when there is no ‘\\0’ character after the version
string.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-17788  
http://openwall.com/lists/oss-security/2017/12/20/1

### Patch:

https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126

**CVE-2017-17789**: In GIMP 2.8.22, there is a heap-based buffer
overflow in read\_channel\_data in plug-ins/common/file-psp.c.

### References:

https://nvd.nist.gov/vuln/detail/CVE-2017-17789  
http://openwall.com/lists/oss-security/2017/12/20/1

### Patch:

https://git.gnome.org/browse/gimp/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f

*(from redmine: issue id 8351, created on 2017-12-26, closed on 2017-12-28)*

* Relations:
  * parent #8349
* Changesets:
  * Revision 743b8267d51329a3a6bc07528042efa837b07ecf on 2017-12-28T08:38:51Z:

```
community/gimp: security fixes

CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17789

Fixes #8351

CVE-2017-17788 applies only to >= v2.9.6
```

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information