Heap-based Buffer Over-read in GIMP 2.8.22 by the GIMP Development Team
CVE-2017-17784
7.8 HIGH
What is CVE-2017-17784?
In GIMP version 2.8.22, a vulnerability exists in the gbr import parser, specifically in the load_image function of file-gbr.c. The parser handles UTF-8 data inadequately, which results in a heap-based buffer over-read. An attacker could exploit this to manipulate the way image files are processed, which may result in unauthorized access or data leakage.
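
An added illustration, not GIMP's code and not taken from this advisory: a defensive way to turn a name field from an untrusted file into a C string, assuming the field arrives as a byte buffer of known length with no guaranteed NUL terminator. The function names and the field layout are hypothetical; every read is bounded by the field length and the bytes are validated as UTF-8 before use.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if buf[0..len) is well-formed UTF-8. Never reads past len. */
static int utf8_valid_n(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char c = buf[i];
        size_t need;            /* continuation bytes expected */
        unsigned long cp, min;  /* code point, smallest legal value */
        if (c < 0x80) { i++; continue; }
        else if ((c & 0xE0) == 0xC0) { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;
        if (need > len - i - 1) return 0;  /* sequence runs off the field */
        for (size_t k = 1; k <= need; k++) {
            if ((buf[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (buf[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return 0;           /* overlong, out of range, or surrogate */
        i += need + 1;
    }
    return 1;
}

/* Hypothetical helper: copy a field_len-byte name field from file data.
   Returns a NUL-terminated heap string, or NULL if the bytes are invalid. */
char *name_from_field(const unsigned char *field, size_t field_len)
{
    /* Honour a NUL inside the field, but never search beyond field_len. */
    const unsigned char *nul = memchr(field, 0, field_len);
    size_t n = nul ? (size_t)(nul - field) : field_len;
    if (!utf8_valid_n(field, n)) return NULL;
    char *out = malloc(n + 1);
    if (!out) return NULL;
    memcpy(out, field, n);
    out[n] = '\0';              /* terminator is added here, not assumed */
    return out;
}

int main(void)
{
    const unsigned char raw[4] = { 'a', 'b', 'c', 'd' }; /* constructed: no NUL */
    char *s = name_from_field(raw, sizeof raw);
    printf("%s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```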
