[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] GIMP 2.10.36 fixed multiple image format parser vulnerabilities
From:       Alan Coopersmith <alan.coopersmith () oracle ! com>
Date:       2023-11-20 20:05:36
Message-ID: ca835ded-9dcd-4345-a096-ddd9ddcb05e9 () oracle ! com
[Download RAW message or body]

https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
reported:

> Four vulnerabilities were reported by the Zero Day Initiative in code for the following \
> formats and fixed immediately: 
> DDS: ZDI-CAN-22093
> PSD: ZDI-CAN-22094
> PSP: ZDI-CAN-22096 and ZDI-CAN-22097
> 
> Additionally dependencies have been updated in our binary packages, and with them, some \
> vulnerabilities recently reported in these libraries were fixed.

These vulnerabilities also had advisories released by ZDI which gave
the corresponding CVE ids:

ZDI-CAN-22093: CVE-2023-44441
  GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
  https://www.zerodayinitiative.com/advisories/ZDI-23-1592/

ZDI-CAN-22094: CVE-2023-44442
  GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
  https://www.zerodayinitiative.com/advisories/ZDI-23-1594/

ZDI-CAN-22096: CVE-2023-44443
  GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability
  https://www.zerodayinitiative.com/advisories/ZDI-23-1593/

ZDI-CAN-22097: CVE-2023-44444
  GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability
  https://www.zerodayinitiative.com/advisories/ZDI-23-1591/

-- 
         -Alan Coopersmith-                 alan.coopersmith@oracle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris


[prev in list] [next in list] [prev in thread] [next in thread]