CVE-2017-17788

Published: 20 December 2017

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

Priority

Low

CVSS 3 base score: 5.5

Status

Package: gimp (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Not vulnerable (2.8.22-1)
cosmic     Not vulnerable (2.8.22-1)
disco      Not vulnerable (2.8.22-1)
eoan       Not vulnerable (2.8.22-1)
focal      Not vulnerable (2.8.22-1)
groovy     Not vulnerable (2.8.22-1)
hirsute    Not vulnerable (2.8.22-1)
impish     Not vulnerable (2.8.22-1)
jammy      Not vulnerable (2.8.22-1)
precise    Does not exist
trusty     Does not exist (trusty was released [2.8.10-0ubuntu1.2])
upstream   Released (2.8.20-1.1)
xenial     Ignored (end of standard support, was needed)
zesty      Ignored (reached end-of-life)