Heap-Based Buffer Overflow in GIMP Affects Software from GNU
CVE-2017-17789

7.8HIGH

Key Information:

Vendor

Gimp

Status
Gimp
Vendor
CVE Published:
20 December 2017

What is CVE-2017-17789?

A heap-based buffer overflow vulnerability exists in GIMP version 2.8.22, specifically in the read_channel_data function located in plug-ins/common/file-psp.c. This flaw may allow attackers to execute arbitrary code, potentially compromising the integrity and confidentiality of affected systems. Users are advised to upgrade to the latest version of GIMP or apply the relevant patches to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/102898
vdb-entryx_refsource_BID
https://www.debian.org/security/2017/dsa-4077
vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/3539-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.