[Bug 1982422] Re: Multiple vulnerabilities in Focal and Jammy

Wed, 29 Nov 2023 05:21:22 -0800 

This bug was fixed in the package gimp - 2.10.18-1ubuntu0.1

---------------
gimp (2.10.18-1ubuntu0.1) focal-security; urgency=medium

  [ Luís Infante da Câmara ]
  * SECURITY UPDATE: Buffer overflow leading to insufficient memory or
    program crash via a crafted XCF file (LP: #1982422)
    - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
      the next property when xcf_old_path fails.
    - CVE-2022-30067
  * SECURITY UPDATE: Denial of service via a crafted XCF file
    (LP: #1982422)
    - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
      loading XCF files.
    - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
      loading XCF files.
    - debian/patches/CVE-2022-32990-3.patch: Return TRUE in
      gimp_channel_is_empty when channel is NULL.
    - CVE-2022-32990

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44441-1.patch: verify header information in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-2.patch: fix checks in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-3.patch: add additional fixes in
      plug-ins/file-dds/ddsread.c.
    - CVE-2023-44441
  * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44442.patch: add missing break statement in
      plug-ins/file-psd/psd-util.c.
    - CVE-2023-44442
  * SECURITY UPDATE: PSP File Parsing Off-By-One
    - debian/patches/CVE-2023-44444.patch: fix buffer size in
      plug-ins/common/file-psp.c.
    - CVE-2023-44444

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Tue, 28 Nov 2023
07:38:10 -0500

** Changed in: gimp (Ubuntu Focal)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-44441

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-44442

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-44444

** Changed in: gimp (Ubuntu Jammy)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-44443

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1982422

Title:
  Multiple vulnerabilities in Focal and Jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1982422/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

Reply via email to