ID CVE-2016-4994
Summary Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
References
Vulnerable Configurations
  • GIMP 2.8.16
    cpe:2.3:a:gimp:gimp:2.8.16
CVSS
Base: 6.8 (as of 27-01-2017 - 10:05)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-203-01.NASL
    description New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen 2018-09-02
    modified 2016-10-19
    plugin id 92498
    published 2016-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92498
    title Slackware 14.0 / 14.1 / 14.2 / current : gimp (SSA:2016-203-01)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-6122983949.NASL
    description Security fix for CVE-2016-4994 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92253
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92253
    title Fedora 24 : 2:gimp (2016-6122983949)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2589.NASL
    description An update for gimp and gimp-help is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). (BZ#1298226, BZ#1370595) Security Fix(es) : * Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 95335
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95335
    title CentOS 7 : gimp / gimp-help (CESA-2016:2589)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-822.NASL
    description gimp was updated to version 2.8.16 to fix one security issue. This security issue was fixed : - CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021). These non-security issues were fixed : - Core : - Seek much less when writing XCF - Don't seek past the end of the file when writing XCF - Fix velocity parameter on .GIH brushes - Fix brokenness while transforming certain sets of linked layers - GUI : - Always show image tabs in single window mode - Fix switching of dock tabs by DND hovering - Don't make the scroll area for tags too small - Fixed a crash in the save dialog - Fix issue where ruler updates made things very slow on Windows - Plug-ins : - Fix several issues in the BMP plug-in - Make Gfig work with the new brush size behavior again - Fix font export in the PDF plug-in - Support layer groups in OpenRaster files - Fix loading of PSD files with layer groups
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 91942
    published 2016-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91942
    title openSUSE Security Update : gimp (openSUSE-2016-822)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-1962-1.NASL
    description gimp was updated to fix one security issue. This security issue was fixed : - CVE-2016-4994: Use-after-free vulnerabilities in the channel and layer properties parsing process (bsc#986021). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93190
    published 2016-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93190
    title SUSE SLED12 Security Update : gimp (SUSE-SU-2016:1962-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-525.NASL
    description It was discovered that there was a use-after-free vulnerability in the channel and layer properties parsing process in Gimp, the GNU Image Manipulation Program. For Debian 7 'Wheezy', this issue has been fixed in gimp version 2.8.2-2+deb7u2. We recommend that you upgrade your gimp packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 91831
    published 2016-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91831
    title Debian DLA-525-1 : gimp security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2589.NASL
    description An update for gimp and gimp-help is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). (BZ#1298226, BZ#1370595) Security Fix(es) : * Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94552
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94552
    title RHEL 7 : gimp (RHSA-2016:2589)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-20DB5E796B.NASL
    description Security fix for CVE-2016-4994 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92233
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92233
    title Fedora 23 : 2:gimp (2016-20db5e796b)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3025-1.NASL
    description It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 91955
    published 2016-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91955
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : gimp vulnerability (USN-3025-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1075.NASL
    description According to the version of the gimp gimp-help packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99835
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99835
    title EulerOS 2.0 SP1 : gimp gimp-help (EulerOS-SA-2016-1075)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-ACBD6A75F3.NASL
    description Security fix for CVE-2016-4994 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92332
    published 2016-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92332
    title Fedora 22 : 2:gimp (2016-acbd6a75f3)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2589.NASL
    description From Red Hat Security Advisory 2016:2589 : An update for gimp and gimp-help is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). (BZ#1298226, BZ#1370595) Security Fix(es) : * Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94710
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94710
    title Oracle Linux 7 : gimp (ELSA-2016-2589)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3612.NASL
    description Shmuel H discovered that GIMP, the GNU Image Manipulation Program, is prone to a use-after-free vulnerability in the channel and layer properties parsing process when loading an XCF file. An attacker can take advantage of this flaw to potentially execute arbitrary code with the privileges of the user running GIMP if a specially crafted XCF file is processed.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91923
    published 2016-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91923
    title Debian DSA-3612-1 : gimp - security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6FB8A90FC9D54D14B940AED3D63C2EDC.NASL
    description The GIMP team reports : A Use-after-free vulnerability was found in the xcf_load_image function.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 92651
    published 2016-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92651
    title FreeBSD : The GIMP -- Use after Free vulnerability (6fb8a90f-c9d5-4d14-b940-aed3d63c2edc)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161103_GIMP_ON_SL7_X.NASL
    description The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). Security Fix(es) : - Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994) Additional Changes :
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 95839
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95839
    title Scientific Linux Security Update : gimp on SL7.x x86_64
redhat via4
advisories
bugzilla
id 1370595
title Rebase gimp-help to current upstream/Fedora version 2.8.2
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment gimp is earlier than 2:2.8.16-3.el7
        oval oval:com.redhat.rhsa:tst:20162589009
      • comment gimp is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110839006
    • AND
      • comment gimp-devel is earlier than 2:2.8.16-3.el7
        oval oval:com.redhat.rhsa:tst:20162589007
      • comment gimp-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110839014
    • AND
      • comment gimp-devel-tools is earlier than 2:2.8.16-3.el7
        oval oval:com.redhat.rhsa:tst:20162589011
      • comment gimp-devel-tools is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110839012
    • AND
      • comment gimp-libs is earlier than 2:2.8.16-3.el7
        oval oval:com.redhat.rhsa:tst:20162589005
      • comment gimp-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110839010
    • AND
      • comment gimp-help is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589033
      • comment gimp-help is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589034
    • AND
      • comment gimp-help-ca is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589035
      • comment gimp-help-ca is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589036
    • AND
      • comment gimp-help-da is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589045
      • comment gimp-help-da is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589046
    • AND
      • comment gimp-help-de is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589021
      • comment gimp-help-de is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589022
    • AND
      • comment gimp-help-el is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589031
      • comment gimp-help-el is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589032
    • AND
      • comment gimp-help-en_GB is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589041
      • comment gimp-help-en_GB is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589042
    • AND
      • comment gimp-help-es is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589047
      • comment gimp-help-es is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589048
    • AND
      • comment gimp-help-fr is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589027
      • comment gimp-help-fr is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589028
    • AND
      • comment gimp-help-it is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589029
      • comment gimp-help-it is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589030
    • AND
      • comment gimp-help-ja is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589015
      • comment gimp-help-ja is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589016
    • AND
      • comment gimp-help-ko is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589043
      • comment gimp-help-ko is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589044
    • AND
      • comment gimp-help-nl is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589013
      • comment gimp-help-nl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589014
    • AND
      • comment gimp-help-nn is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589017
      • comment gimp-help-nn is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589018
    • AND
      • comment gimp-help-pt_BR is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589023
      • comment gimp-help-pt_BR is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162589024
    • AND
      • comment gimp-help-ru is earlier than 0:2.8.2-1.el7
        oval oval:com.redhat.rhsa:tst:20162589019
      • comment gimp-help-ru is signed with Red Hat redhatrelease2 key
        oval