gimp-3.0.4-1.el9_7.4
エラータID: AXSA:2026-311:03
リリース日:
2026/03/16 Monday - 20:09
題名:
gimp-3.0.4-1.el9_7.4
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- GIMP の ICO ファイルの解析処理には、データ長の検証処理の不備
に起因したヒープ領域のバッファオーバーフローの問題があるため、
リモートの攻撃者により、細工された Web ページへのアクセス、
もしくは細工された ICO 形式のファイルの読み込みを介して、任意の
コードの実行を可能とする脆弱性が存在します。(CVE-2026-0797)
- GIMP の PGM 形式のファイルの解析処理には、データの初期化処理が
欠落しているため、リモートの攻撃者により、細工された Web ページ
へのアクセス、もしくは細工された PGM 形式のファイルの読み込みを
介して、任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2026-2044)
- GIMP の XWD ファイルの解析処理には、入力データのチェック処理
の不備に起因したメモリ領域の範囲外書き込みの問題があるため、
ローカルの攻撃者により、細工された Web ページへのアクセス、
もしくは細工された XWD 形式のファイルの読み込みを介して、任意の
コードの実行を可能とする脆弱性が存在します。(CVE-2026-2045)
- GIMP の ICNS 形式のファイルの解析処理には、バッファサイズの
算出処理の不備に起因したヒープ領域のバッファーオーバーフローの
問題があるため、ローカルの攻撃者により、細工された Web ページへの
アクセス、もしくは細工された ICNS 形式のファイルの読み込みを
介して、任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2026-2047)
- GIMP の XWD 形式のファイルの解析処理には、入力データの検証
処理の不備に起因したメモリ領域の範囲外書き込みの問題があるため、
ローカルの攻撃者により、細工された Web ページへのアクセス、
もしくは細工された XWD 形式のファイルの読み込みを介して、任意の
コードの実行を可能とする脆弱性が存在します。(CVE-2026-2048)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-0797
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28599.
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28599.
CVE-2026-2044
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28158.
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28158.
CVE-2026-2045
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.
CVE-2026-2047
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.
CVE-2026-2048
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28591.
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28591.
追加情報:
N/A
ダウンロード:
SRPMS
- gimp-3.0.4-1.el9_7.4.src.rpm
MD5: 78e8ebb17bda4a0de83f87a4956fe337
SHA-256: 131d76e287f29394a36ee0d72648529ba048d1fe8db831c04cf330823b09cad0
Size: 25.87 MB
Asianux Server 9 for x86_64
- gimp-3.0.4-1.el9_7.4.x86_64.rpm
MD5: 33c080a2499761954cb40ce53d8ad965
SHA-256: 42902d5f5b4b260feae52c4f9f40abc4aa1c34b6bd3e42ce88ac6c97fa11b70a
Size: 20.92 MB - gimp-libs-3.0.4-1.el9_7.4.i686.rpm
MD5: 5bbd074da34fa161c0af9c1aed7c59b9
SHA-256: 1bed1858e0a1fae72d7a8e90b697a175c277498b7f1ddfd8af98456534fb7aad
Size: 851.13 kB - gimp-libs-3.0.4-1.el9_7.4.x86_64.rpm
MD5: 0b2c3045c2397726983f9ae93fa69552
SHA-256: df9e841e0e0a06f7517e69698a13fca71c9d5c8a462e756163682e03655c8753
Size: 802.52 kB
English