Skip to main content
Skip table of contents

ISN 2023-35: GIMP Vulnerabilities

First published 22 January 2023

CVSS 3.1: 8.2 (High)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

Multiple security vulnerabilities have been discovered in the GIMP image processing library used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 11 (not in the default configuration)

Details

GIMP is vulnerable to crafted files in several formats: Processing DDS, PSP or PSD files can cause overflows and enable remote code execution (CVE-2023-44441, CVE-2023-44442, CVE-2023-44443). This is rated as high. Crafted XCF files can exhaust memory or trigger an unhandled exception, which may lead to a denial of service (CVE-2022-30067, CVE-2022-32990), which is rated as medium.

Mitigation

GIMP is not active in the IGEL OS 11 default configuration. It is only mounted if you activate Scanner Support / SANE (Limited Support …) in System > Firmware Customization > Features in Setup. If you have it activated, you can deactivate it to mitigate this vulnerability.

Update Instructions

  • OS 11: Update to IGEL OS version 11.09.210 or newer

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.