CVE-2017-17787: Out-of-bounds Read in Gimp

CWE-125: Out-of-bounds Read
10 documents, 8 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.3% (top 43.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 20
Latest update: May 13

Description

In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Debian: gimp/gimp < 2.8.20-1.1+3
Ubuntu: gimp/gimp < 2.8.10-0ubuntu1.2
NVD: gimp/gimp 2.8.22

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04

Patches

🔴 Vulnerability Details (4)

GHSA
GHSA-gh65-7qg5-gfmr: In GIMP 2 (2022-05-13)
OSV
gimp vulnerabilities (2018-01-22)
OSV
CVE-2017-17787: In GIMP 2 (2017-12-20)
CVEList
CVE-2017-17787: In GIMP 2 (2017-12-20)

📋 Vendor Advisories (3)

Ubuntu
GIMP vulnerabilities (2018-01-22)
Red Hat
gimp: Heap-based buffer over-read in read_creator_block function in plug-ins/common/file-psp.c (2017-12-19)
Debian
CVE-2017-17787: gimp - In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in ... (2017)

💬 Community (2)

Bugzilla
CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789 gimp: various flaws [fedora-all] (2017-12-26)
Bugzilla
CVE-2017-17787 gimp: Heap-based buffer over-read in read_creator_block function in plug-ins/common/file-psp.c (2017-12-26)