Heap-Based Buffer Overflow in GIMP by GNOME
CVE-2017-17785

7.8HIGH

Key Information:

Vendor

Gimp

Status
Gimp
Vendor
CVE Published:
20 December 2017

What is CVE-2017-17785?

In GIMP version 2.8.22, a vulnerability was identified that could lead to a heap-based buffer overflow within the fli_read_brun function located in the plug-ins/file-fli/fli.c. This could potentially result in unauthorized access or execution of arbitrary code, posing serious risks to user systems. Users are advised to update to the latest version to mitigate any exploitation risks associated with this vulnerability.

References

https://bugzilla.gnome.org/show_bug.cgi?id=739133
x_refsource_MISC
https://www.debian.org/security/2017/dsa-4077
vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/3539-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.