List: oss-security
Subject: [oss-security] GIMP 2.10.36 fixed multiple image format parser vulnerabilities
From: Alan Coopersmith <alan.coopersmith () oracle ! com>
Date: 2023-11-20 20:05:36
Message-ID: ca835ded-9dcd-4345-a096-ddd9ddcb05e9 () oracle ! com
https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
reported:
> Four vulnerabilities were reported by the Zero Day Initiative in code for the following
> formats and fixed immediately:
> DDS: ZDI-CAN-22093
> PSD: ZDI-CAN-22094
> PSP: ZDI-CAN-22096 and ZDI-CAN-22097
>
> Additionally dependencies have been updated in our binary packages, and with them, some
> vulnerabilities recently reported in these libraries were fixed.

These vulnerabilities also had advisories released by ZDI which gave
the corresponding CVE ids:

ZDI-CAN-22093: CVE-2023-44441
GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1592/

ZDI-CAN-22094: CVE-2023-44442
GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1594/

ZDI-CAN-22096: CVE-2023-44443
GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1593/

ZDI-CAN-22097: CVE-2023-44444
GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1591/

--
-Alan Coopersmith- alan.coopersmith@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris