CVE-2023-44444

Public on 2023-11-15
Modified on 2024-01-18
Description
GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability

NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/e1bfd87195e4fe60a92df70cde65464d032dd3c1
NOTE: Backport to gimp-2.10: https://gitlab.gnome.org/GNOME/gimp/-/commit/ef12c0a90752a06d4c465a768d052b07f5e8a8a0 (GIMP_2_10_36)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10071 (restricted)
DEBIANBUG: [1055984]
Severity
Low severity
Low
CVSS v3 Base Score
2.9
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Gimp Extra gimp Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L