845402 – (CVE-2022-30067) <media-gfx/gimp-2.10.32: memory exhaustion via crafted file

Bug 845402 (CVE-2022-30067) - <media-gfx/gimp-2.10.32: memory exhaustion via crafted file

Summary: <media-gfx/gimp-2.10.32: memory exhaustion via crafted file

Status:	IN_PROGRESS

Alias:	CVE-2022-30067

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://gitlab.gnome.org/GNOME/gimp/-...
Whiteboard:	B3 [glsa?]
Keywords:	PullRequest

Depends on:	856790
Blocks:
	Show dependency tree

Reported:	2022-05-18 17:47 UTC by John Helmert III
Modified:	2022-07-11 22:58 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/25757 https://github.com/gentoo/gentoo/pull/26355
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-05-18 17:47:36 UTC

CVE-2022-30067:

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.

Patch: https://gitlab.gnome.org/GNOME/gimp/-/commit/4f99f1fcfd892ead19831b5adcd38a99d71214b6

Comment 1 Sergey Torokhov 2022-06-15 20:52:40 UTC

Pull Request updated with gimp-2.10.32 version bump instead of patched version of gimp-2.10.30.

Comment 2 Larry the Git Cow gentoo-dev

2022-06-15 20:58:29 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d2e5965d2cee1eb84e26896fec3321e2d195527

commit 7d2e5965d2cee1eb84e26896fec3321e2d195527
Author:     Sergey Torokhov <torokhov-s-a@yandex.ru>
AuthorDate: 2022-06-04 20:47:53 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-15 20:56:26 +0000

    media-gfx/gimp: 2.10.32 version bump, fix CVE-2022-30067
    
    Bug: https://bugs.gentoo.org/845402
    
    Signed-off-by: Sergey Torokhov <torokhov-s-a@yandex.ru>
    Closes: https://github.com/gentoo/gentoo/pull/25757
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/gimp/Manifest            |   1 +
 media-gfx/gimp/gimp-2.10.32.ebuild | 210 +++++++++++++++++++++++++++++++++++++
 2 files changed, 211 insertions(+)

Comment 3 Sergey Torokhov 2022-07-07 06:20:11 UTC

Stable request: https://bugs.gentoo.org/856790

Comment 4 John Helmert III archtester

2022-07-08 17:46:08 UTC

Thanks! In the future you can just add the security bugs to stablereqs in the "blocks" field.

Comment 5 John Helmert III archtester

2022-07-10 22:03:45 UTC

Please cleanup

Comment 6 Larry the Git Cow gentoo-dev

2022-07-11 22:50:07 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=180e767499a9434ebbee66cab692bdc5c0278f98

commit 180e767499a9434ebbee66cab692bdc5c0278f98
Author:     Sergey Torokhov <torokhov-s-a@yandex.ru>
AuthorDate: 2022-07-11 21:24:09 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-07-11 22:48:01 +0000

    media-gfx/gimp: cleanup CVEs affected 2.10.28, 2.10.30
    
    Bug: https://bugs.gentoo.org/845402
    Bug: https://bugs.gentoo.org/856283
    
    Signed-off-by: Sergey Torokhov <torokhov-s-a@yandex.ru>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-gfx/gimp/Manifest               |   2 -
 media-gfx/gimp/gimp-2.10.28-r1.ebuild | 211 ----------------------------------
 media-gfx/gimp/gimp-2.10.30.ebuild    | 211 ----------------------------------
 3 files changed, 424 deletions(-)

Comment 7 John Helmert III archtester

2022-07-11 22:58:21 UTC

Thanks!