CVE-2017-17785 - In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file

CVE-2017-17785

Summary

In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

References

Vulnerable Configurations

cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*
cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

debian	DSA-4077
misc	http://www.openwall.com/lists/oss-security/2017/12/19/5 https://bugzilla.gnome.org/show_bug.cgi?id=739133
mlist	[debian-lts-announce] 20171223 [SECURITY] [DLA 1220-1] gimp security update
ubuntu	USN-3539-1

Last major update

07-02-2022 - 18:59

Published

20-12-2017 - 09:29

Last modified

07-02-2022 - 18:59