You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa gimp

Sigurnosni nedostaci programskog paketa gimp

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2018-01-09 23:48:23.446682

Name : gimp
Product : Fedora 27
Version : 2.8.22
Release : 3.fc27
Summary : GNU Image Manipulation Program
Description :
GIMP (GNU Image Manipulation Program) is a powerful image composition and
editing program, which can be extremely useful for creating logos and other
graphics for webpages. GIMP has many of the tools and filters you would expect
to find in similar commercial offerings, and some interesting extras as well.
GIMP provides a large image manipulation toolbox, including channel operations
and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all
with multi-level undo.

Update Information:

Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787
CVE-2017-17788 CVE-2017-17789

[ 1 ] Bug #1529147 – CVE-2017-17785 gimp: Heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c
[ 2 ] Bug #1529146 – CVE-2017-17789 gimp: Heap-based buffer overflow in read_channel_data function in plug-ins/common/file-psp.c
[ 3 ] Bug #1529145 – CVE-2017-17786 gimp: Heap-based buffer over-read in ReadImage function in plug-ins/common/file-tga.c
[ 4 ] Bug #1529144 – CVE-2017-17784 gimp: Heap-based buffer over-read in load_image function in plug-ins/common/file-gbr.c
[ 5 ] Bug #1529143 – CVE-2017-17787 gimp: Heap-based buffer over-read in read_creator_block function in plug-ins/common/file-psp.c
[ 6 ] Bug #1529141 – CVE-2017-17788 gimp: Stack-based buffer over-read in xcf_load_stream function in app/xcf/xcf.c

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade gimp’ at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to

AutorDanijel Kozinovic
Cert idNCERT-REF-2018-01-0058-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa mupdf

Otkriven je sigurnosni nedostatak u programskom paketu mupdf za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja...