SB2017122806 - Buffer overflow in gimp (Alpine package)
Published: December 28, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2017-17789)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=bc24320d747829f97b6ccc8108e9acdbc578c683
- https://git.alpinelinux.org/aports/commit/?id=488c5e412cf61e781be4787348a1b6eb109690ba
- https://git.alpinelinux.org/aports/commit/?id=743b8267d51329a3a6bc07528042efa837b07ecf
- https://git.alpinelinux.org/aports/commit/?id=7f6b53170f527254ed08ba040a84ec717ad878d1