gimp-3.0.4-1.el9_7.5
Errata ID: AXSA:2026-630:04
Release date:
2026/05/18 Monday - 18:45
Title:
gimp-3.0.4-1.el9_7.5
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- GIMP contains an integer overflow issue that allows a local attacker to execute arbitrary code via a specially crafted PSD file. (CVE-2026-4150)
- GIMP contains an integer overflow issue that allows a local attacker to execute arbitrary code via a specially crafted ANI file. (CVE-2026-4151)
- GIMP contains a heap-based buffer overflow issue that allows a local attacker to execute arbitrary code via a specially crafted JP2 file. (CVE-2026-4152)
- GIMP contains a heap-based buffer overflow issue that allows a local attacker to execute arbitrary code via a specially crafted PSP file. (CVE-2026-4153)
- GIMP contains an integer overflow issue that allows a local attacker to execute arbitrary code via a specially crafted XPM file. (CVE-2026-4154)
- GIMP contains an off-by-one error that allows a local attacker to cause information disclosure and a denial of service (DoS) via a specially crafted PCX file. (CVE-2026-4887)
Solution:
Update the packages.
CVE:
CVE-2026-4150
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28807.
CVE-2026-4151
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813.
CVE-2026-4152
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.
CVE-2026-4153
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28874.
CVE-2026-4154
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901.
CVE-2026-4887
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
Additional information:
N/A
Download:
SRPMS
- gimp-3.0.4-1.el9_7.5.src.rpm
MD5: 155fc47d93528e054a115bf8e350502b
SHA-256: 41b1de14be08d0294fc76ac109098bf77a062fc311c138817fb579c15ef78db1
Size: 25.88 MB
Asianux Server 9 for x86_64
- gimp-3.0.4-1.el9_7.5.x86_64.rpm
MD5: de1e9f73f304915f68d715c7af96f292
SHA-256: ed7340e88122015dfe4cbf36159291bf8be2d0297e4bdbb3b2fdcd92b56d7c12
Size: 20.92 MB
- gimp-libs-3.0.4-1.el9_7.5.i686.rpm
MD5: 8769a9be217d451cf5d824770bb18857
SHA-256: 42ab880cd37241c5d598f892cbfe4399c013b8dd6838a99bdbec30b09dc8c5ed
Size: 850.92 kB
- gimp-libs-3.0.4-1.el9_7.5.x86_64.rpm
MD5: 1fe34d356e9a08fc8e9a9e0c99c11a89
SHA-256: 550ad2b07106226850cef997acff4d407289afe57ad0d788aff2385d39c2e198
Size: 802.76 kB