UbuntuUpdates.org

Package "gimp"

Name: gimp

Description:

GNU Image Manipulation Program

Latest version: 2.10.30-1ubuntu0.1
Release: jammy (22.04)
Level: updates
Repository: universe
Homepage: https://www.gimp.org/

Links


Download "gimp"


Other versions of "gimp" in Jammy

Repository Area Version
base universe 2.10.30-1build1
security universe 2.10.30-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.10.30-1ubuntu0.1 2023-11-29 17:07:21 UTC

  gimp (2.10.30-1ubuntu0.1) jammy-security; urgency=medium

  [ Luís Infante da Câmara ]
  * SECURITY UPDATE: Buffer overflow leading to insufficient memory or
    program crash via a crafted XCF file (LP: #1982422)
    - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
      the next property when xcf_old_path fails.
    - CVE-2022-30067
  * SECURITY UPDATE: Denial of service via a crafted XCF file
    (LP: #1982422)
    - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
      loading XCF files.
    - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
      loading XCF files.
    - debian/patches/CVE-2022-32990-3.patch: Return TRUE in
      gimp_channel_is_empty when channel is NULL.
    - CVE-2022-32990

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44441-1.patch: verify header information in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-2.patch: fix checks in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-3.patch: add additional fixes in
      plug-ins/file-dds/ddsread.c.
    - CVE-2023-44441
  * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44442.patch: add missing break statement in
      plug-ins/file-psd/psd-util.c.
    - CVE-2023-44442
  * SECURITY UPDATE: PSP File Parsing Integer Overflow and Off-By-One
    - debian/patches/CVE-2023-44443_44444.patch: check
      color_palette_entries and fix buffer size in
      plug-ins/common/file-psp.c.
    - CVE-2023-44443
    - CVE-2023-44444

 -- Marc Deslauriers <email address hidden> Tue, 28 Nov 2023 07:38:10 -0500

1982422 Multiple vulnerabilities in Focal and Jammy
CVE-2022-30067 GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, result
CVE-2022-32990 An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a
CVE-2023-44441 GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44442 GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44443 GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability
CVE-2023-44444 GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability



About   -   Send Feedback to @ubuntu_updates