CVE-2022-32990: An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). Patches seem to be in 2.10.32: https://gitlab.gnome.org/GNOME/gimp/-/commit/6ab90ecbbd7cc95901933f62227fd140c0576d55 https://gitlab.gnome.org/GNOME/gimp/-/commit/e7d4b580e514029f28dc9bd59c66187e166db47c Please stabilize 2.10.32.
Stable request: https://bugs.gentoo.org/856790
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=180e767499a9434ebbee66cab692bdc5c0278f98 commit 180e767499a9434ebbee66cab692bdc5c0278f98 Author: Sergey Torokhov <torokhov-s-a@yandex.ru> AuthorDate: 2022-07-11 21:24:09 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-07-11 22:48:01 +0000 media-gfx/gimp: cleanup CVEs affected 2.10.28, 2.10.30 Bug: https://bugs.gentoo.org/845402 Bug: https://bugs.gentoo.org/856283 Signed-off-by: Sergey Torokhov <torokhov-s-a@yandex.ru> Signed-off-by: John Helmert III <ajak@gentoo.org> media-gfx/gimp/Manifest | 2 - media-gfx/gimp/gimp-2.10.28-r1.ebuild | 211 ---------------------------------- media-gfx/gimp/gimp-2.10.30.ebuild | 211 ---------------------------------- 3 files changed, 424 deletions(-)
Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=48267be615fa17f9c0c612da614b6ffb7d7cba54 commit 48267be615fa17f9c0c612da614b6ffb7d7cba54 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2025-01-17 07:05:31 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2025-01-17 07:05:55 +0000 [ GLSA 202501-02 ] GIMP: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/845402 Bug: https://bugs.gentoo.org/856283 Bug: https://bugs.gentoo.org/917406 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202501-02.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+)