gimp-2.8.18

[bdubbs@…]

New point version

We are releasing GIMP 2.8.18 to fix a vulnerability in the XCF loading code (CVE-2016-4994). With special XCF files, GIMP can be caused to crash, and possibly be made to execute arbitrary code provided by the attacker.

This release includes additional bug fixes since 2.8.16. An important change has happened to the initial startup experience on Microsoft Windows and OS X platforms - any “GIMP is not responding” errors encountered there should be gone.

The source code for GIMP 2.8.18 is available from our downloads page; pre-built packages for Microsoft Windows and OS X will follow shortly.

Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file. 

Impact
CVSS Severity (version 3.0):
CVSS v3 Base Score: 7.8 High
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
CVSS Version 3 Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

[Douglas R. Reno]

Released to fix a Use-after-free vuln in the xcf_load_image function. Can cause a DoS (program carsh) or execute arbitrary code via a crafted XCF file.

CVE-2016-4494

Marked at a 7.8 HIGH by the NVD.

Will try to have this one done by the time I am done tonight.

[bdubbs@…]

Fixed at revision 17596.