CVE-2017-17787

Published: 20/12/2017 Updated: 07/02/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.

Vulnerable Product

gimp gimp 2.8.22

debian debian linux 8.0

debian debian linux 7.0

debian debian linux 9.0

canonical ubuntu linux 14.04

Vendor Advisories

Several security issues were fixed in GIMP ...
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed files are opened. For the oldstable distribution (jessie), these problems have been fixed in version 2.8.14-1+deb8u2. For the stable distribution ...
Debian Bug report logs - #884862 gimp: CVE-2017-17786: OOB read in TGA. Package: src:gimp; Maintainer for src:gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 20 Dec 2017 16:27:02 UTC; Severity: normal; Tags: fixed-upstream ...
Debian Bug report logs - #885347 gimp: CVE-2017-17788: buffer overread in XCF parser if version field has no null terminator. Package: src:gimp; Maintainer for src:gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 26 Dec 20 ...
Debian Bug report logs - #884925 gimp: CVE-2017-17784: heap overread in gbr parser / load_image / gimp_any_to_utf8. Package: src:gimp; Maintainer for src:gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 21 Dec 2017 13:09:0 ...
Debian Bug report logs - #884837 gimp: CVE-2017-17789 Heap overflow in PSP import plugin. Package: gimp; Maintainer for gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gimp is src:gimp (PTS, buildd, popcon); Reported by: Raphael Hertzog <hertzog@debian.org>; Date: Wed, 20 Dec ...
Debian Bug report logs - #884836 gimp: CVE-2017-17785 Heap overflow in FLI import. Package: gimp; Maintainer for gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gimp is src:gimp (PTS, buildd, popcon); Reported by: Raphael Hertzog <hertzog@debian.org>; Date: Wed, 20 Dec 2017 0 ...
Debian Bug report logs - #884927 gimp: CVE-2017-17787: heap overread in psp importer / read_creator_block(). Package: src:gimp; Maintainer for src:gimp is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 21 Dec 2017 13:12:04 UTC ...
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c ...