gimp-3.0.4-4.el9_8.4
エラータID: AXSA:2026-1226:06
リリース日:
2026/07/09 Thursday - 14:02
題名:
gimp-3.0.4-4.el9_8.4
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- GIMP には、整数オーバーフローの問題があるため、ローカルの
攻撃者により、巧妙に細工された PSD ファイルを介して、任意の
コードの実行を可能とする脆弱性が存在します。(CVE-2026-4150)
- GIMP には、整数オーバーフローの問題があるため、ローカルの
攻撃者により、巧妙に細工された ANI ファイルを介して、任意の
コードの実行を可能とする脆弱性が存在します。(CVE-2026-4151)
- GIMP には、ヒープベースのバッファオーバーフローの問題が
あるため、ローカルの攻撃者により、巧妙に細工された JP2 ファイル
を介して、任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2026-4152)
- GIMP には、ヒープベースのバッファオーバーフローの問題が
あるため、ローカルの攻撃者により、巧妙に細工された PSP ファイル
を介して、任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2026-4153)
- GIMP には、整数オーバーフローの問題があるため、ローカルの
攻撃者により、巧妙に細工された PXM ファイルを介して、任意の
コードの実行を可能とする脆弱性が存在します。(CVE-2026-4154)
- GIMP には、オフバイワンエラーの問題があるため、ローカルの
攻撃者により、巧妙に細工された PCX ファイルを介して、情報の
漏洩、およびサービス拒否攻撃 (DoS) を可能とする脆弱性が存在
します。(CVE-2026-4887)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-4150
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28807.
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28807.
CVE-2026-4151
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813.
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813.
CVE-2026-4152
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.
CVE-2026-4153
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28874.
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28874.
CVE-2026-4154
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901.
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901.
CVE-2026-4887
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
追加情報:
N/A
ダウンロード:
SRPMS
- gimp-3.0.4-4.el9_8.4.src.rpm
MD5: 33d03cb26777c9424c4d9209e014138b
SHA-256: f56e18991bf2a112ea9e605530fd0914a1ae6f308a4ceeb2ca28bc3ff9b52688
Size: 25.88 MB
Asianux Server 9 for x86_64
- gimp-3.0.4-4.el9_8.4.x86_64.rpm
MD5: a677817694cb8810e89b5e1bc863a4ba
SHA-256: a6013b734d49a52cc1cb4546ecb46ee190a7446329cfdd27c17336022b3b3143
Size: 20.92 MB - gimp-libs-3.0.4-4.el9_8.4.i686.rpm
MD5: 69cbae604387d7d338e6186d7cc24c30
SHA-256: 9f33da6b7ea44388a698480ab1764690270f75ac75f1d5a808b87b3fc6913ef1
Size: 851.30 kB - gimp-libs-3.0.4-4.el9_8.4.x86_64.rpm
MD5: f85f2b5b0b55d26ac3c2fe2c8d1f13d8
SHA-256: 9837848812535c0c01fbfa5d8dc4efdbb17a53a1b64bf691c32d85fbbe7060ab
Size: 803.08 kB