[ Luís Infante da Câmara ]
* SECURITY UPDATE: Buffer overflow leading to insufficient memory or
program crash via a crafted XCF file (LP: #1982422)
- debian/patches/CVE-2022-30067.patch: Stop loading paths and skip to
the next property when xcf_old_path fails.
- CVE-2022-30067
* SECURITY UPDATE: Denial of service via a crafted XCF file
(LP: #1982422)
- debian/patches/CVE-2022-32990-1.patch: Check maximum dimensions when
loading XCF files.
- debian/patches/CVE-2022-32990-2.patch: Check for invalid offsets when
loading XCF files.
- debian/patches/CVE-2022-32990-3.patch: Return TRUE in
gimp_channel_is_empty when channel is NULL.
- CVE-2022-32990
[ Marc Deslauriers ]
* SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
- debian/patches/CVE-2023-44441-1.patch: verify header information in
plug-ins/file-dds/ddsread.c.
- debian/patches/CVE-2023-44441-2.patch: fix checks in
plug-ins/file-dds/ddsread.c.
- debian/patches/CVE-2023-44441-3.patch: add additional fixes in
plug-ins/file-dds/ddsread.c.
- CVE-2023-44441
* SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
- debian/patches/CVE-2023-44442.patch: add missing break statement in
plug-ins/file-psd/psd-util.c.
- CVE-2023-44442
* SECURITY UPDATE: PSP File Parsing Off-By-One
- debian/patches/CVE-2023-44444.patch: fix buffer size in
plug-ins/common/file-psp.c.
- CVE-2023-44444
-- Marc Deslauriers <email address hidden> Tue, 28 Nov 2023 07:38:10 -0500
This bug was fixed in the package gimp - 2.10.18-1ubuntu0.1
--------------- 1ubuntu0. 1) focal-security; urgency=medium
gimp (2.10.18-
[ Luís Infante da Câmara ] patches/ CVE-2022- 30067.patch: Stop loading paths and skip to patches/ CVE-2022- 32990-1. patch: Check maximum dimensions when patches/ CVE-2022- 32990-2. patch: Check for invalid offsets when patches/ CVE-2022- 32990-3. patch: Return TRUE in channel_ is_empty when channel is NULL.
* SECURITY UPDATE: Buffer overflow leading to insufficient memory or
program crash via a crafted XCF file (LP: #1982422)
- debian/
the next property when xcf_old_path fails.
- CVE-2022-30067
* SECURITY UPDATE: Denial of service via a crafted XCF file
(LP: #1982422)
- debian/
loading XCF files.
- debian/
loading XCF files.
- debian/
gimp_
- CVE-2022-32990
[ Marc Deslauriers ] patches/ CVE-2023- 44441-1. patch: verify header information in ins/file- dds/ddsread. c. patches/ CVE-2023- 44441-2. patch: fix checks in ins/file- dds/ddsread. c. patches/ CVE-2023- 44441-3. patch: add additional fixes in ins/file- dds/ddsread. c. patches/ CVE-2023- 44442.patch: add missing break statement in ins/file- psd/psd- util.c. patches/ CVE-2023- 44444.patch: fix buffer size in ins/common/ file-psp. c.
* SECURITY UPDATE: DDS File Parsing Heap-based Buffer Overflow
- debian/
plug-
- debian/
plug-
- debian/
plug-
- CVE-2023-44441
* SECURITY UPDATE: PSD File Parsing Heap-based Buffer Overflow
- debian/
plug-
- CVE-2023-44442
* SECURITY UPDATE: PSP File Parsing Off-By-One
- debian/
plug-
- CVE-2023-44444
-- Marc Deslauriers <email address hidden> Tue, 28 Nov 2023 07:38:10 -0500