UbuntuUpdates.org

Package "gimp-data"

Name: gimp-data

Description:

Data files for GIMP
Latest version: 2.10.30-1ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: universe
Head package: gimp
Homepage: https://www.gimp.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "gimp-data"

All arch deb package
APT INSTALL

Other versions of "gimp-data" in Jammy

Repository Area Version
base universe 2.10.30-1build1
updates universe 2.10.30-1ubuntu0.1

Changelog

Version: 2.10.30-1ubuntu0.1 2023-11-29 14:06:58 UTC

  gimp (2.10.30-1ubuntu0.1) jammy-security; urgency=medium

  [ Luís Infante da Câmara ]
  * SECURITY UPDATE: Buffer overflow leading to insufficient memory or
    program crash via a crafted XCF file (LP: #1982422)
    - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
      the next property when xcf_old_path fails.
    - CVE-2022-30067
  * SECURITY UPDATE: Denial of service via a crafted XCF file
    (LP: #1982422)
    - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
      loading XCF files.
    - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
      loading XCF files.
    - debian/patches/CVE-2022-32990-3.patch: Return TRUE in
      gimp_channel_is_empty when channel is NULL.
    - CVE-2022-32990

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44441-1.patch: verify header information in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-2.patch: fix checks in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-3.patch: add additional fixes in
      plug-ins/file-dds/ddsread.c.
    - CVE-2023-44441
  * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44442.patch: add missing break statement in
      plug-ins/file-psd/psd-util.c.
    - CVE-2023-44442
  * SECURITY UPDATE: PSP File Parsing Integer Overflow and Off-By-One
    - debian/patches/CVE-2023-44443_44444.patch: check
      color_palette_entries and fix buffer size in
      plug-ins/common/file-psp.c.
    - CVE-2023-44443
    - CVE-2023-44444

 -- Marc Deslauriers <email address hidden> Tue, 28 Nov 2023 07:38:10 -0500
1982422 Multiple vulnerabilities in Focal and Jammy
CVE-2022-30067 GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, result
CVE-2022-32990 An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a
CVE-2023-44441 GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44442 GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44443 GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2023-44444 GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability


About   -   Send Feedback to @ubuntu_updates