VulnerableCode Package Details - pkg:deb/ubuntu/gimp@2.6.6-1ubuntu2

Search for packages

Package details: pkg:deb/ubuntu/gimp@2.6.6-1ubuntu2

Essentials
History (0)

purl	pkg:deb/ubuntu/gimp@2.6.6-1ubuntu2

Next non-vulnerable version	2.8.22-1
Latest non-vulnerable version	2.8.22-1
Risk	3.5

Vulnerabilities affecting this package (8)

Vulnerability	Summary	Fixed by
VCID-1g6h-5yq4-aaah Aliases: CVE-2017-17785	In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.	2.8.22-1 Affected by 0 other vulnerabilities.
VCID-2qsr-xt56-aaah Aliases: CVE-2017-17789	In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.	2.8.22-1 Affected by 0 other vulnerabilities.
VCID-9p1z-c9tm-aaac Aliases: CVE-2017-17788	In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.	2.8.22-1 Affected by 0 other vulnerabilities.
VCID-adhn-ctqy-aaak Aliases: CVE-2016-4994	Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.	2.8.10-0ubuntu1.1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.8.16-1ubuntu1.1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kttz-gq2j-aaae Aliases: CVE-2011-2896	The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.	2.6.11-2ubuntu4 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-sztc-99mv-aaaq Aliases: CVE-2017-17784	In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.	2.8.22-1 Affected by 0 other vulnerabilities.
VCID-xjhw-k3qt-aaab Aliases: CVE-2017-17787	In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.	2.8.22-1 Affected by 0 other vulnerabilities.
VCID-ytks-xp2s-aaab Aliases: CVE-2017-17786	In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.	2.8.22-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version