CLD-185 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-17784 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) gimp
Deficiency Type SECURITY
Date Created 2017-12-21 09:51:06
Date Last Modified 2017-12-30 13:44:03

Version Specific Information:

Cucumber 1.0 i686 fixed in gimp-2.8.22-i686-4
Cucumber 1.0 x86_64 fixed in gimp-2.8.22-x86_64-4 and gimp-lib_i686-2.8.22-lib_i686-4

Cucumber 1.1 i686 fixed in gimp-2.8.22-i686-4
Cucumber 1.1 x86_64 fixed in gimp-2.8.22-x86_64-4 and gimp-lib_i686-2.8.22-lib_i686-4

Details:

=================================== Overview ===================================

From https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17784:

In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in
plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of
UTF-8 data.

================================ Initial Report ================================

From Hanno Böck on GNOME Bugzilla
(https://bugzilla.gnome.org/show_bug.cgi?id=790784):

The attached sample file will cause a heap buffer overread in the gbr import
parser. This can be detected with address sanitizer.

I haven't fully analyzed it, but judging by the function names it looks like
either malformed utf8 or a non-terminated string is causing this (may be
similar to #790783).

============================ Additional Information ============================

See http://www.openwall.com/lists/oss-security/2017/12/19/5

================================= Our Analysis =================================

----- Affected Products -----
Versions of GIMP up to and including 2.8.22 are affected by this
vulnerability. This includes GIMP as originally packaged in Cucumber Linux 1.0
and 1.1. As of the writing of this analysis (Thu Dec 21 11:13:35 EST 2017),
2.8.22 is the latest stable release of GIMP; future releases may or may not be
affected.

An upstream patch fixing this vulnerability was committed on 2017-12-21
11:29:24 (GMT). It can be found at
https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270.

----- Scope and Impact of this Vulnerability -----
This vulnerability is a heap buffer over-read in the GBR (GIMP brush) import
plug-in, reached by opening a crafted .gbr file in GIMP. The plug-in reads past
the end of a heap allocation while handling the brush name; in the report this
was detected with AddressSanitizer. The usual consequences of such an over-read
are a crash of the file-gbr plug-in (denial of service) and, depending on what
lies past the buffer, disclosure of adjacent heap contents. Triggering it
requires a user to open or load an attacker-supplied brush file.

----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch at
https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270.
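The following is an added illustration, not GIMP's code and not the upstream
patch: a minimal in-memory parser for the .gbr header that shows the vulnerable
pattern (treating the brush-name field as a NUL-terminated C string without
checking that the file actually supplied the NUL) beside a hardened version that
bounds header_size by the data read, requires the terminator inside the name
field, and validates the bytes as UTF-8 with an explicit length. The sample brush
bytes, the function names and the 'A'-filled arena that stands in for
neighbouring heap memory are all constructed for this example; only the field
layout (seven big-endian 32-bit words, then the name, then pixel data) is the GBR
v2 format. The over-read is simulated inside a fixed buffer so that the program
does not itself perform an out-of-bounds access.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GBR v2 layout: seven big-endian uint32 fields (28 bytes), then the brush name
 * (header_size - 28 bytes, NUL-terminated in a well-formed file), then pixels. */
#define GBR_HEADER_SIZE 28u
#define GBR_MAGIC       0x47494D50u /* "GIMP" */
enum { HDR_SIZE, VERSION, WIDTH, HEIGHT, BYTES, MAGIC, SPACING, NFIELDS };

static uint32_t get_be32(const unsigned char *p) { return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }
static void put_be32(unsigned char *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v; }

static int parse_header(const unsigned char *buf, size_t len, uint32_t f[NFIELDS])
{
    if (len < GBR_HEADER_SIZE) return -1;
    for (int i = 0; i < NFIELDS; i++) f[i] = get_be32(buf + 4 * i);
    return f[MAGIC] == GBR_MAGIC ? 0 : -1;
}

/* Constructed sample (not a real brush): a 2x2, 1-byte-per-pixel .gbr in memory; terminate == 0 omits the NUL. */
size_t build_gbr(unsigned char *out, size_t out_sz, const char *name, size_t name_len, int terminate)
{
    size_t bn_size = name_len + (terminate ? 1 : 0), pixels = 2 * 2 * 1;
    uint32_t f[NFIELDS] = { (uint32_t)(GBR_HEADER_SIZE + bn_size), 2, 2, 2, 1, GBR_MAGIC, 10 };
    if (GBR_HEADER_SIZE + bn_size + pixels > out_sz) return 0;
    for (int i = 0; i < NFIELDS; i++) put_be32(out + 4 * i, f[i]);
    memcpy(out + GBR_HEADER_SIZE, name, name_len);
    if (terminate) out[GBR_HEADER_SIZE + name_len] = '\0';
    memset(out + GBR_HEADER_SIZE + bn_size, 0x80, pixels);
    return GBR_HEADER_SIZE + bn_size + pixels;
}

/* Vulnerable pattern, simulated safely: the name field is copied into a buffer of exactly
 * bn_size bytes and then handled as a C string, so a file without the NUL sends the scan into
 * whatever follows. Here the "heap neighbour" is an 'A'-filled arena terminated only at its end. */
size_t brush_name_len_trusting(const unsigned char *buf, size_t len)
{
    uint32_t f[NFIELDS]; char arena[64];
    if (parse_header(buf, len, f) != 0) return 0;
    size_t bn_size = f[HDR_SIZE] - GBR_HEADER_SIZE;  /* unchecked, as in the bug; wraps if header_size < 28 */
    if (bn_size >= sizeof arena || f[HDR_SIZE] > len) return 0;  /* keeps the simulation inside the arena */
    memset(arena, 'A', sizeof arena); arena[sizeof arena - 1] = '\0';
    memcpy(arena, buf + GBR_HEADER_SIZE, bn_size);
    return strlen(arena);  /* equals the name length only if the file supplied a NUL */
}

/* Length-bounded UTF-8 check: lead-byte class and continuation bytes only (overlong/surrogates not rejected). */
int utf8_valid(const unsigned char *s, size_t n)
{
    for (size_t i = 0; i < n; ) {
        unsigned char c = s[i];
        size_t extra = c < 0x80 ? 0 : c >= 0xC2 && c <= 0xDF ? 1 :
                       c >= 0xE0 && c <= 0xEF ? 2 : c >= 0xF0 && c <= 0xF4 ? 3 : 4;
        if (extra == 4 || extra > n - 1 - i) return 0;  /* bad lead byte or sequence past the end */
        for (size_t k = 1; k <= extra; k++)
            if ((s[i + k] & 0xC0) != 0x80) return 0;
        i += extra + 1;
    }
    return 1;
}

/* Hardened parser: bound header_size by the bytes actually read, require the NUL inside the
 * name field, and validate with an explicit length. Returns the name length, or -1 if malformed. */
int brush_name_checked(const unsigned char *buf, size_t len, char *out, size_t out_sz)
{
    uint32_t f[NFIELDS];
    if (parse_header(buf, len, f) != 0 || out_sz == 0) return -1;
    if (f[HDR_SIZE] < GBR_HEADER_SIZE || f[HDR_SIZE] > len) return -1;  /* header claims more than we have */
    size_t bn_size = f[HDR_SIZE] - GBR_HEADER_SIZE;
    const unsigned char *name = buf + GBR_HEADER_SIZE;
    if (bn_size == 0) { out[0] = '\0'; return 0; }       /* an unnamed brush is legal */
    if (memchr(name, '\0', bn_size) == NULL) return -1;  /* unterminated name: reject the file */
    size_t n = strlen((const char *)name);               /* safe: a NUL lies within bn_size */
    if (n >= out_sz || !utf8_valid(name, n)) return -1;
    memcpy(out, name, n + 1);
    return (int)n;
}

/* Run each parser over the sample built with or without the terminating NUL. */
size_t demo_trusting(int terminate)
{
    unsigned char file[64];
    size_t n = build_gbr(file, sizeof file, "test", 4, terminate);
    return brush_name_len_trusting(file, n);
}

int demo_checked(int terminate)
{
    unsigned char file[64]; char name[32];
    size_t n = build_gbr(file, sizeof file, "test", 4, terminate);
    return brush_name_checked(file, n, name, sizeof name);
}

int main(void)
{
    printf("trusting parser: terminated=%zu unterminated=%zu\n", demo_trusting(1), demo_trusting(0));
    printf("checked parser:  terminated=%d unterminated=%d\n", demo_checked(1), demo_checked(0));
    return 0;
}
```

On the unterminated sample the trusting parser reports a 63-byte name: the 4
real bytes plus 59 bytes of the stand-in neighbour, which is exactly the walk
past the allocation that AddressSanitizer flags as a heap-buffer-overflow read
when the buffer is a real heap block. The checked parser rejects that file and
returns 4 for the well-formed one; the general rule it applies is to never let a
length derived from the file header exceed the bytes actually read, and to pass
explicit lengths to string and encoding routines instead of relying on a
terminator the attacker controls.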

================================= Our Solution =================================

We have applied the aforementioned patch and rebuilt GIMP.