A flaw was found in GIMP's PSD parser. An integer overflow in readRLEchannel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
{
"binaries": [
{
"binary_name": "gimp",
"binary_version": "3.0.4-6.1"
},
{
"binary_name": "gimp-data",
"binary_version": "3.0.4-6.1"
},
{
"binary_name": "gir1.2-gimp-3.0",
"binary_version": "3.0.4-6.1"
},
{
"binary_name": "libgimp-3.0-0",
"binary_version": "3.0.4-6.1"
},
{
"binary_name": "libgimp-3.0-bin",
"binary_version": "3.0.4-6.1"
}
]
}{
"binaries": [
{
"binary_name": "gimp",
"binary_version": "3.2.2-1"
},
{
"binary_name": "gimp-data",
"binary_version": "3.2.2-1"
},
{
"binary_name": "gir1.2-gimp-3.0",
"binary_version": "3.2.2-1"
},
{
"binary_name": "libgimp-3.0-0",
"binary_version": "3.2.2-1"
},
{
"binary_name": "libgimp-3.0-bin",
"binary_version": "3.2.2-1"
}
]
}