Opened 8 years ago

Closed 8 years ago

#8072 closed enhancement (fixed)

gimp-2.8.18

Reported by: bdubbs@… Owned by: bdubbs@…
Priority: highest Milestone: 7.10
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by Douglas R. Reno)

New point version


We are releasing GIMP 2.8.18 to fix a vulnerability in the XCF loading code (CVE-2016-4994). With special XCF files, GIMP can be caused to crash, and possibly be made to execute arbitrary code provided by the attacker.

This release includes additional bug fixes since 2.8.16. An important change has happened to the initial startup experience on Microsoft Windows and OS X platforms - any “GIMP is not responding” errors encountered there should be gone.

The source code for GIMP 2.8.18 is available from our downloads page; pre-built packages for Microsoft Windows and OS X will follow shortly.

Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score: 7.8 High
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8

CVSS Version 3 Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Change History (5)

comment:1 by Douglas R. Reno, 8 years ago

Owner: changed from blfs-book@… to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 8 years ago

Description: modified (diff)
Priority: normal → highest

Released to fix a Use-after-free vuln in the xcf_load_image function. Can cause a DoS (program crash) or execute arbitrary code via a crafted XCF file.

CVE-2016-4494

Marked at a 7.8 HIGH by the NVD.

Will try to have this one done by the time I am done tonight.

comment:3 by Douglas R. Reno, 8 years ago

Owner: changed from Douglas R. Reno to blfs-book@…
Status: assigned → new

comment:4 by bdubbs@…, 8 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: new → assigned

comment:5 by bdubbs@…, 8 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 17596.
