gimp-2.99.8-4.el9_6.2
Errata ID: AXSA:2025-10549:03
Release date:
2025/07/22 Tuesday - 18:23
Title:
gimp-2.99.8-4.el9_6.2
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- GIMP's handling of TGA files contains a heap buffer overflow, which allows a local attacker to cause information disclosure, data corruption, and denial of service. (CVE-2025-48797)
- GIMP's handling of XCF files contains a use-after-free, which allows a local attacker to cause information disclosure, data corruption, and denial of service. (CVE-2025-48798)
- GIMP's ICO file parsing contains an integer overflow, which allows a local attacker to execute arbitrary code. (CVE-2025-5473)
Solution:
Update the package.
CVE:
CVE-2025-48797
A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
CVE-2025-48798
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
CVE-2025-5473
GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.
Additional information:
N/A
Downloads:
SRPMS
- gimp-2.99.8-4.el9_6.2.src.rpm
MD5: 51d9b0a3dfa6088d42a07713940efccc
SHA-256: 0e346cc3eec84149e0c5d2b67bc38e1292b94230ec4a00b1ab7365d75ac36a74
Size: 29.42 MB
Asianux Server 9 for x86_64
- gimp-2.99.8-4.el9_6.2.x86_64.rpm
MD5: a005c150413ce7836fda49c3634bb710
SHA-256: b9908b574899fd90000aed4a386f8a943664774498d827c56aa915593be8bca3
Size: 19.31 MB
- gimp-libs-2.99.8-4.el9_6.2.i686.rpm
MD5: 0d3f843432c9d208721495a1f71a0ca8
SHA-256: 7d526b7d4410051e87b7ee1687650eb2582e1828e881784e990e269c368ea007
Size: 589.11 kB
- gimp-libs-2.99.8-4.el9_6.2.x86_64.rpm
MD5: e5fb2db75b3daf0f5150af119b7f3926
SHA-256: a5750104f1079df6d3c9d6c28cbfa70da9d3e024fc8c5442f9e69f5ddee698ff
Size: 552.00 kB