CVE-2023-44444 – GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44444
GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released
• https://www.zerodayinitiative.com/advisories/ZDI-23-1591
• https://access.redhat.com/security/cve/CVE-2023-44444
• https://bugzilla.redhat.com/show_bug.cgi?id=2249946
• CWE-193: Off-by-one Error
CVE-2023-44441 – GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44441
GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released
• https://www.zerodayinitiative.com/advisories/ZDI-23-1592
• https://access.redhat.com/security/cve/CVE-2023-44441
• https://bugzilla.redhat.com/show_bug.cgi?id=2249938
• CWE-122: Heap-based Buffer Overflow
CVE-2023-44442 – GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44442
GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
• https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released
• https://www.zerodayinitiative.com/advisories/ZDI-23-1594
• https://access.redhat.com/security/cve/CVE-2023-44442
• https://bugzilla.redhat.com/show_bug.cgi?id=2249942
• CWE-122: Heap-based Buffer Overflow
CVE-2023-44443 – GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44443
GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released
• https://www.zerodayinitiative.com/advisories/ZDI-23-1593
• https://access.redhat.com/security/cve/CVE-2023-44443
• https://bugzilla.redhat.com/show_bug.cgi?id=2249944
• CWE-190: Integer Overflow or Wraparound
CVE-2022-32990 – gimp: unhandled exception via a crafted XCF file may lead to DoS
https://notcve.org/view.php?id=CVE-2022-32990
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). A vulnerability was found in GIMP when loading a specially crafted XCF file. Due to an incorrect function return value, GIMP may access memory outside its address space, resulting in a denial of service.
• https://gitlab.gnome.org/GNOME/gimp/-/issues/8230
• https://access.redhat.com/security/cve/CVE-2022-32990
• https://bugzilla.redhat.com/show_bug.cgi?id=2103202
• CWE-125: Out-of-bounds Read
• CWE-755: Improper Handling of Exceptional Conditions