[Bug 1982422] Re: Multiple vulnerabilities in Focal and Jammy

Launchpad Bug Tracker Wed, 29 Nov 2023 05:22:49 -0800

This bug was fixed in the package gimp - 2.10.30-1ubuntu0.1

---------------
gimp (2.10.30-1ubuntu0.1) jammy-security; urgency=medium


  [ Luís Infante da Câmara ]
  * SECURITY UPDATE: Buffer overflow leading to insufficient memory or
    program crash via a crafted XCF file (LP: #1982422)
    - debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
      the next property when xcf_old_path fails.
    - CVE-2022-30067
  * SECURITY UPDATE: Denial of service via a crafted XCF file
    (LP: #1982422)
    - debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
      loading XCF files.
    - debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
      loading XCF files.
    - debian/patches/CVE-2022-32990-3.patch: Return TRUE in
      gimp_channel_is_empty when channel is NULL.
    - CVE-2022-32990

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44441-1.patch: verify header information in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-2.patch: fix checks in
      plug-ins/file-dds/ddsread.c.
    - debian/patches/CVE-2023-44441-3.patch: add additional fixes in
      plug-ins/file-dds/ddsread.c.
    - CVE-2023-44441
  * SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
    - debian/patches/CVE-2023-44442.patch: add missing break statement in
      plug-ins/file-psd/psd-util.c.
    - CVE-2023-44442
  * SECURITY UPDATE: PSP File Parsing Integer Overflow and Off-By-One
    - debian/patches/CVE-2023-44443_44444.patch: check
      color_palette_entries and fix buffer size in
      plug-ins/common/file-psp.c.
    - CVE-2023-44443
    - CVE-2023-44444

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Tue, 28 Nov 2023
07:38:10 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gimp in Ubuntu.
https://bugs.launchpad.net/bugs/1982422

Title:
  Multiple vulnerabilities in Focal and Jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/1982422/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1982422] Re: Multiple vulnerabilities in Focal and Jammy

Reply via email to