ALT Linux Team

Package gimp update in sisyphus on 2018-07-05

ALT-PU-2018-1981-1

Package gimp updated to version 2.10.4-alt1 for branch sisyphus in task 209518.

Closed vulnerabilities

Published: 2018-06-25
Modified: 2024-11-21

CVE-2018-12713

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top