Context Navigation

← Previous Change
Ticket History
Next Change →

Changes between Initial Version and Version 2 of Ticket #8072

Timestamp:

07/16/2016 10:50:06 PM (8 years ago)

Author:

Douglas R. Reno

Comment:

Released to fix a Use-after-free vuln in the xcf_load_image function. Can cause a DoS (program carsh) or execute arbitrary code via a crafted XCF file.

CVE-2016-4494

Marked at a 7.8 HIGH by the NVD.

Will try to have this one done by the time I am done tonight.

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #8072
- Property Owner changed from blfs-book@… to Douglas R. Reno
- Property Status new → assigned
- Property Priority normal → highest

Ticket #8072 – Description

-              initial
+              v2
 New point version
+{{{
+We are releasing GIMP 2.8.18 to fix a vulnerability in the XCF loading code (CVE-2016-4994). With special XCF files, GIMP can be caused to crash, and possibly be made to execute arbitrary code provided by the attacker.
+This release includes additional bug fixes since 2.8.16. An important change has happened to the initial startup experience on Microsoft Windows and OS X platforms - any “GIMP is not responding” errors encountered there should be gone.
+The source code for GIMP 2.8.18 is available from our downloads page; pre-built packages for Microsoft Windows and OS X will follow shortly.
+}}}
+{{{
+Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
+}}}
+{{{
+Impact
+CVSS Severity (version 3.0):
+CVSS v3 Base Score: 7.8 High
+Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+Impact Score: 5.9
+Exploitability Score: 1.8
+CVSS Version 3 Metrics:
+Attack Vector (AV): Local
+Attack Complexity (AC): Low
+Privileges Required (PR): None
+User Interaction (UI): Required
+Scope (S): Unchanged
+Confidentiality (C): High
+Integrity (I): High
+Availability (A): High
+}}}