![]() ![]() Latest stable release will be provided instead in thisįlatpak build available in: x86-64 and AArch64. If there are no development releases, the ![]() specific snapshot manually selected, notĪutomatic builds). Is not a nightly, hence only development releases will be madeĪvailable (i.e. We provide a Flatpak development repository on Flathub. ![]() The new versions are available to download from the Gimp download page.GIMP (development version) for Unix-like systems The Gimp developers therefore always recommend updating Gimp to the latest packages. However, dependencies in the binary packages have also been updated, which patches recently discovered vulnerabilities in the libraries. ![]() The GIMP version announcement does not go into detail about the vulnerabilities, but focuses on things like newly supported color palettes, non-square ratios in GIF images, and other improvements to the software. In addition, carefully crafted PSP files can provoke an "off-by-one" error when calculating a write position on the heap buffer, which also enables code smuggling (CVE-2023-44444, CVSS 7.8, high). Insufficient checking of user-controlled data when processing PSP files can trigger an integer overflow before writing to memory - allowing attackers to smuggle in malicious code (CVE-2023-44443, CVSS 7.8, high). The same type of error with the same consequences can be provoked when processing PSD files (CVE-2023-44442, CVSS 7.8, high). However, this requires user interaction because they would have to open a malicious page or a malicious file. They affect the image formats DDS, PSD and PSP, the processing of which can cause errors that attackers can misuse to inject and execute arbitrary code.ĭue to a lack of length checking of user-controlled data before copying it to a heap-based buffer, attackers can execute code in the context of the current process when processing DDS files, explains the ZDI in a security notice (CVE-2023-44441, CVSS 7.8, risk high). Trend Micro's Zero Day Initiative (ZDI) discovered and reported the security vulnerabilities. Attackers could use manipulated image files to plant malicious code on unsuspecting victims. The new version 2.10.36 of the Gimp image editor fixes four security leaks overall. It fixes security vulnerabilities that allow code smuggling. The free open source image editor Gimp has been released in version 2.10.36. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |