gimp-2.99.8-4.el9_6
Errata ID: AXSA:2025-10463:02
[security - high] gimp security update
The GIMP (GNU Image Manipulation Program) is an image composition and editing
program. GIMP provides a large image manipulation toolbox, including channel
operations and layers, effects, sub-pixel imaging and anti-aliasing, and
conversions, all with multi-level undo.
Security Fix(es):
gimp: dds buffer overflow RCE (CVE-2023-44441)
gimp: PSD buffer overflow RCE (CVE-2023-44442)
gimp: psp integer overflow RCE (CVE-2023-44443)
gimp: psp off-by-one RCE (CVE-2023-44444)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
For detailed information on changes in this release, see MIRACLE LINUX 9 Release
Notes linked from the References section.
CVE(s):
CVE-2023-44441
CVE-2023-44442
CVE-2023-44443
CVE-2023-44444
Update packages.
GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22093.
GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-22094.
GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22096.
GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22097.
N/A
SRPMS
- gimp-2.99.8-4.el9_6.src.rpm
MD5: 8938d3cda142f961e70019cb3e770d8f
SHA-256: 14d560c123570dfac071afd8c2c9797e534580e2b449649afd643b25693b51b1
Size: 29.41 MB
Asianux Server 9 for x86_64
- gimp-2.99.8-4.el9_6.x86_64.rpm
MD5: 43641b6b8267e83747f1b84acee757e5
SHA-256: dac3f184b0d210015609b8323a3ad629a0dcfe394f9a8c480d70aaf8b25c779a
Size: 19.31 MB
- gimp-libs-2.99.8-4.el9_6.i686.rpm
MD5: b968254ec60f62bd10da30faf493fdb4
SHA-256: d364ee6a50661df3325f439eea09caec8fa684d2723d09c59b01e46a43052d19
Size: 588.76 kB
- gimp-libs-2.99.8-4.el9_6.x86_64.rpm
MD5: c27990b0e292c7d5280aef3ceec034a7
SHA-256: e25426c35084c1ecf6be701b9a05c7de807f4a639a3751fe2da3b774b429e59a
Size: 551.72 kB