Heap-based Buffer Over-read in GIMP 2.8.22 by GIMP Development Team
CVE-2017-17787

7.8HIGH

Key Information:

Vendor

Gimp

Status
Gimp
Vendor
CVE Published:
20 December 2017

What is CVE-2017-17787?

A heap-based buffer over-read vulnerability exists in GIMP version 2.8.22 within the read_creator_block function located in the plug-ins/common/file-psp.c file. This flaw can be exploited by maliciously crafted image files, potentially leading to unexpected behavior or crashes. Users should apply the recommended security updates to mitigate the risk associated with this vulnerability.

References

https://www.debian.org/security/2017/dsa-4077
vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/3539-1/
vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2017/12/19/5
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.