Heap-based Buffer Over-read in GIMP by The GIMP Team
CVE-2017-17786
7.8 HIGH
What is CVE-2017-17786?
GIMP 2.8.22 contains a heap-based buffer over-read in the ReadImage function of the file_tga plugin. The bug is triggered by an unexpected bits-per-pixel value when an RGBA image is processed, and could be exploited by a malicious actor for arbitrary code execution or data leakage. Users should apply the latest patches to mitigate this risk.
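The defensive pattern that prevents this class of bug is to treat the header's bits-per-pixel field as untrusted: accept only values that are consistent with the image type and alpha declaration, and prove the declared pixel data fits inside the buffer before any pixel is read. The following is an added illustration written for this page, not GIMP's file_tga code; it assumes the standard 18-byte TGA header layout, and the function names (`tga_validate`, `tga_to_rgba`, `check_with_bpp`) and the embedded sample image are constructed for the example.

```c
/* Added example: validate an uncompressed TGA header before reading pixels.
 * Illustrative code for this page, not GIMP's file_tga plugin. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TGA_HEADER_LEN 18

typedef struct {
    uint8_t  id_len;      /* length of the image ID field after the header */
    uint8_t  image_type;  /* 2 = uncompressed truecolor, 3 = uncompressed grayscale */
    uint16_t width, height;
    uint8_t  bpp;         /* bits per pixel as declared by the file (untrusted) */
    uint8_t  alpha_bits;  /* low nibble of the image descriptor byte */
} tga_header;

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 0 only if bpp, image type and alpha bits are mutually consistent
 * AND the declared pixel data lies entirely within `len` bytes. */
int tga_validate(const uint8_t *buf, size_t len, tga_header *out)
{
    tga_header h;
    if (len < TGA_HEADER_LEN) return -1;
    h.id_len = buf[0];
    if (buf[1] != 0) return -2;              /* colour-mapped files not handled here */
    h.image_type = buf[2];
    h.width  = rd16le(buf + 12);
    h.height = rd16le(buf + 14);
    h.bpp    = buf[16];
    h.alpha_bits = buf[17] & 0x0F;

    /* Allowlist of bpp values per image type: a reader that indexes its pixel
     * buffer by an unexpected bpp walks past the allocation. */
    switch (h.image_type) {
    case 2:
        if (h.bpp == 32 && h.alpha_bits == 8) break;
        if (h.bpp == 24 && h.alpha_bits == 0) break;
        if (h.bpp == 16 && h.alpha_bits <= 1) break;
        return -3;
    case 3:
        if (h.bpp == 8 && h.alpha_bits == 0) break;
        if (h.bpp == 16 && h.alpha_bits == 8) break;
        return -3;
    default:
        return -4;                            /* RLE types not handled in this example */
    }
    if (h.width == 0 || h.height == 0) return -5;

    /* Computed in size_t so width*height*bytes cannot wrap in 16-bit arithmetic. */
    size_t need = TGA_HEADER_LEN + (size_t)h.id_len
                + (size_t)h.width * (size_t)h.height * (h.bpp / 8);
    if (need > len) return -6;                /* truncated: decoding would over-read */
    if (out) *out = h;
    return 0;
}

/* Convert a validated image to RGBA8. Every source read is inside the range
 * tga_validate proved to exist, so no out-of-bounds access is possible. */
int tga_to_rgba(const uint8_t *buf, size_t len, uint8_t *dst, size_t dst_len)
{
    tga_header h;
    int rc = tga_validate(buf, len, &h);
    if (rc != 0) return rc;
    size_t npix = (size_t)h.width * h.height;
    if (dst_len < npix * 4) return -7;
    const uint8_t *src = buf + TGA_HEADER_LEN + h.id_len;
    size_t bytes_pp = h.bpp / 8;
    for (size_t i = 0; i < npix; i++, src += bytes_pp, dst += 4) {
        if (h.image_type == 3) {              /* grayscale, optional alpha byte */
            dst[0] = dst[1] = dst[2] = src[0];
            dst[3] = (bytes_pp == 2) ? src[1] : 0xFF;
        } else if (h.bpp == 16) {             /* A1 R5 G5 B5, little-endian */
            uint16_t v = rd16le(src);
            dst[0] = (uint8_t)(((v >> 10) & 0x1F) << 3);
            dst[1] = (uint8_t)(((v >> 5) & 0x1F) << 3);
            dst[2] = (uint8_t)((v & 0x1F) << 3);
            dst[3] = (h.alpha_bits == 1 && !(v & 0x8000)) ? 0x00 : 0xFF;
        } else {                              /* TGA stores BGR(A) */
            dst[0] = src[2]; dst[1] = src[1]; dst[2] = src[0];
            dst[3] = (bytes_pp == 4) ? src[3] : 0xFF;
        }
    }
    return 0;
}

/* Constructed sample: 2x2 uncompressed truecolor, 32 bpp, 8 alpha bits, no ID field. */
static const uint8_t SAMPLE_OK[TGA_HEADER_LEN + 16] = {
    0, 0, 2,  0, 0,  0, 0,  0,  0, 0,  0, 0,  2, 0,  2, 0,  32, 8,
    /* pixels as B G R A */
    0x00, 0x00, 0xFF, 0xFF,  0x00, 0xFF, 0x00, 0x80,
    0xFF, 0x00, 0x00, 0x40,  0x10, 0x20, 0x30, 0x00 };

/* Validate a copy of SAMPLE_OK with its bpp byte replaced and `len` bytes visible. */
int check_with_bpp(uint8_t bpp, size_t len)
{
    uint8_t tmp[sizeof SAMPLE_OK];
    memcpy(tmp, SAMPLE_OK, sizeof tmp);
    tmp[16] = bpp;
    return tga_validate(tmp, len, NULL);
}
```

`check_with_bpp(32, sizeof SAMPLE_OK)` accepts the constructed file, while changing the bpp byte to 24 (inconsistent with 8 alpha bits) or to 64 is rejected before any pixel is touched, and dropping the final byte of the file is rejected by the size check rather than discovered by an over-read in the decode loop.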
