Описание
[PSD loader: heap-buffer-overflow in fread_pascal_string() (no null terminator)]
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gimp | fixed | 3.2.0~RC2-3.2 | package |
Примечания
https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cf2772f5631719ae0e4e701bd7ef793b1f59cfa (master)
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/51a2d65a2df403f6da582173e0ddd7904356f5ae (gimp-3-0 branch)
Followup (not strictly part of the CVE, but a second problem exposed):
https://gitlab.gnome.org/GNOME/gimp/-/commit/02886e626df5e4c5f73f838a64fd3f21809dda09
EPSS
Связанные уязвимости
[PSD loader: heap-buffer-overflow in fread_pascal_string() (no null terminator)]
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.
EPSS