Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in gimp-2.8.22-i686-3 |
|Cucumber 1.0 x86_64||fixed in gimp-2.8.22-x86_64-3 and gimp-lib_i686-2.8.22-lib_i686-3 |
|Cucumber 1.1 i686||fixed in gimp-2.8.22-i686-3 |
|Cucumber 1.1 x86_64||fixed in gimp-2.8.22-x86_64-3 and gimp-lib_i686-2.8.22-lib_i686-3 |
=================================== Overview ===================================
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in
plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected
bits-per-pixel value for an RGBA image.
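The class of check that prevents this kind of over-read, as an added example (not GIMP's code and not the patch this advisory refers to): the header's bits-per-pixel and alpha-bit fields are reconciled before any pixel conversion, and the BGR-to-RGB swap is bounded by the real buffer sizes. The names tga_info, tga_parse_header, tga_color_channels and bgr2rgb_checked are hypothetical, and the strict accept policy is an assumption chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Fields of the 18-byte TGA header that decide pixel layout. */
typedef struct {
    uint8_t  image_type;  /* 2 = uncompressed true-colour, 10 = RLE true-colour */
    uint16_t width, height;
    uint8_t  bpp;         /* header byte 16: bits per pixel */
    uint8_t  alpha_bits;  /* header byte 17, low nibble */
} tga_info;

/* Parse the fixed header; returns -1 if the input is too short. */
int tga_parse_header(const uint8_t *buf, size_t len, tga_info *out)
{
    if (len < 18) return -1;
    out->image_type = buf[2];
    out->width  = (uint16_t)(buf[12] | (buf[13] << 8));
    out->height = (uint16_t)(buf[14] | (buf[15] << 8));
    out->bpp        = buf[16];
    out->alpha_bits = buf[17] & 0x0f;
    return 0;
}

/* Channels the converter will read per source pixel, or 0 to reject.
 * Strict policy assumed for this example: a true-colour image declaring
 * 8 alpha bits must store 32 bpp, and one without alpha must store 24 bpp. */
size_t tga_color_channels(const tga_info *h)
{
    if (h->image_type != 2 && h->image_type != 10) return 0;
    if (h->width == 0 || h->height == 0) return 0;
    if (h->bpp == 32 && h->alpha_bits == 8) return 4;
    if (h->bpp == 24 && h->alpha_bits == 0) return 3;
    return 0;
}

/* BGR(A) -> RGB(A) for one row; refuses to read or write past either buffer. */
int bgr2rgb_checked(uint8_t *dst, size_t dst_len, const uint8_t *src,
                    size_t src_len, size_t width, size_t channels)
{
    if (channels != 3 && channels != 4) return -1;
    if (width > src_len / channels || width > dst_len / channels) return -1;
    for (size_t i = 0; i < width; i++, src += channels, dst += channels) {
        dst[0] = src[2]; dst[1] = src[1]; dst[2] = src[0];
        if (channels == 4) dst[3] = src[3];
    }
    return 0;
}
```

A header that declares alpha but stores 24 bpp is rejected up front, and even if a caller passes the wrong channel count, the length check stops the swap from reading beyond the row buffer.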
================================ Initial Report ================================
From Hanno Bock on Gnome Bugzilla
The tga importer has an out of bounds read / heap overflow bug. The bug can be
triggered with the attached sample when GIMP was compiled with address
sanitizer. I'll attach the sample and the output of address sanitizer.
This is a potential (low severity) security issue, however as it is only a read
error it's unlikely there's a realistic exploit scenario. Still it should be
============================ Additional Information ============================
================================= Our Analysis =================================
----- Affected Products -----
All versions of GIMP that have not had the patch from
applied are vulnerable to this vulnerability. This includes versions of GIMP up
to and including 2.8.22. As of the writing of this analysis (Thu Dec 21
10:36:43 EST 2017), 2.8.22 is the latest stable version of GIMP; future
releases may or may not be affected. GIMP as originally packaged in Cucumber
Linux 1.0 and 1.1 is vulnerable.
----- Scope and Impact of this Vulnerability -----
This vulnerability can result in an out of bounds read/heap overflow.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from
================================= Our Solution =================================
We have applied the aforementioned patch and rebuilt GIMP.