Lucene search

DebianDEBIAN:DLA-3659-1:1B1F3

HistoryNov 21, 2023 - 3:23 p.m.

[SECURITY] [DLA 3659-1] gimp security update

2023-11-2115:23:43

lists.debian.org

out-of-memory

update

buffer overflow

debian 10 buster

gimp

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.1%

JSON

Debian LTS Advisory DLA-3659-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
November 21, 2023 https://wiki.debian.org/LTS

Package : gimp
Version : 2.10.8-2+deb10u1
CVE ID : CVE-2022-30067 CVE-2023-44442 CVE-2023-44444
Debian Bug : 1055984

Multiple vulnerabilities were fixed in GIMP,
the GNU Image Manipulation Program.

CVE-2022-30067

Out-of-memory with crafted XCF file.

CVE-2023-44442

PSD file parsing buffer overflow.

CVE-2023-44444

PSP file parsing buffer overflow.

For Debian 10 buster, these problems have been fixed in version
2.10.8-2+deb10u1.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10alllibgimp2.0< 2.10.8-2+deb10u1libgimp2.0_2.10.8-2+deb10u1_all.deb
Debian10alllibgimp2.0-doc< 2.10.8-2+deb10u1libgimp2.0-doc_2.10.8-2+deb10u1_all.deb
Debian10alllibgimp2.0-dev< 2.10.8-2+deb10u1libgimp2.0-dev_2.10.8-2+deb10u1_all.deb
Debian10allgimp< 2.10.8-2+deb10u1gimp_2.10.8-2+deb10u1_all.deb
Debian10allgimp-python< 2.10.8-2+deb10u1gimp-python_2.10.8-2+deb10u1_all.deb
Debian10allgimp-data< 2.10.8-2+deb10u1gimp-data_2.10.8-2+deb10u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	libgimp2.0	< 2.10.8-2+deb10u1	libgimp2.0_2.10.8-2+deb10u1_all.deb
Debian	10	all	libgimp2.0-doc	< 2.10.8-2+deb10u1	libgimp2.0-doc_2.10.8-2+deb10u1_all.deb
Debian	10	all	libgimp2.0-dev	< 2.10.8-2+deb10u1	libgimp2.0-dev_2.10.8-2+deb10u1_all.deb
Debian	10	all	gimp	< 2.10.8-2+deb10u1	gimp_2.10.8-2+deb10u1_all.deb
Debian	10	all	gimp-python	< 2.10.8-2+deb10u1	gimp-python_2.10.8-2+deb10u1_all.deb
Debian	10	all	gimp-data	< 2.10.8-2+deb10u1	gimp-data_2.10.8-2+deb10u1_all.deb