RHSA-2022:7978: Red Hat Security Advisory: gimp security and enhancement update
An update for gimp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-30067: gimp: buffer overflow through a crafted XCF file
- CVE-2022-32990: gimp: unhandled exception via a crafted XCF file may lead to DoS
Issued:
2022-11-15
Updated:
2022-11-15
RHSA-2022:7978 - Security Advisory
Synopsis
Moderate: gimp security and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for gimp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.
Security Fix(es):
- gimp: buffer overflow through a crafted XCF file (CVE-2022-30067)
- gimp: unhandled exception via a crafted XCF file may lead to DoS (CVE-2022-32990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2087591 - CVE-2022-30067 gimp: buffer overflow through a crafted XCF file
- BZ - 2103202 - CVE-2022-32990 gimp: unhandled exception via a crafted XCF file may lead to DoS
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
gimp-2.99.8-3.el9.src.rpm
x86_64
gimp-2.99.8-3.el9.x86_64.rpm
gimp-debuginfo-2.99.8-3.el9.i686.rpm
gimp-debuginfo-2.99.8-3.el9.x86_64.rpm
gimp-debugsource-2.99.8-3.el9.i686.rpm
gimp-debugsource-2.99.8-3.el9.x86_64.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.i686.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.x86_64.rpm
gimp-libs-2.99.8-3.el9.i686.rpm
gimp-libs-2.99.8-3.el9.x86_64.rpm
gimp-libs-debuginfo-2.99.8-3.el9.i686.rpm
gimp-libs-debuginfo-2.99.8-3.el9.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
gimp-2.99.8-3.el9.src.rpm
s390x
gimp-2.99.8-3.el9.s390x.rpm
gimp-debuginfo-2.99.8-3.el9.s390x.rpm
gimp-debugsource-2.99.8-3.el9.s390x.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.s390x.rpm
gimp-libs-2.99.8-3.el9.s390x.rpm
gimp-libs-debuginfo-2.99.8-3.el9.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
gimp-2.99.8-3.el9.src.rpm
ppc64le
gimp-2.99.8-3.el9.ppc64le.rpm
gimp-debuginfo-2.99.8-3.el9.ppc64le.rpm
gimp-debugsource-2.99.8-3.el9.ppc64le.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.ppc64le.rpm
gimp-libs-2.99.8-3.el9.ppc64le.rpm
gimp-libs-debuginfo-2.99.8-3.el9.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
gimp-2.99.8-3.el9.src.rpm
aarch64
gimp-2.99.8-3.el9.aarch64.rpm
gimp-debuginfo-2.99.8-3.el9.aarch64.rpm
gimp-debugsource-2.99.8-3.el9.aarch64.rpm
gimp-devel-tools-debuginfo-2.99.8-3.el9.aarch64.rpm
gimp-libs-2.99.8-3.el9.aarch64.rpm
gimp-libs-debuginfo-2.99.8-3.el9.aarch64.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6521-1 - It was discovered that GIMP incorrectly handled certain image files. If a user were tricked into opening a specially crafted image, an attacker could use this issue to cause GIMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-7978-01 - The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Issues addressed include buffer overflow and denial of service vulnerabilities.
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate a huge amount of memory, resulting in insufficient memory or a program crash.