GIMP 2.2.16 fixes security vulnerabilities
The GIMP development team has released version 2.2.16 of the open source image editing package. The new version fixes security-related bugs that allowed attackers to execute arbitrary code on computers running the software by means of crafted image files.
According to security service provider iDefense, several of the file-format plugins calculate the size of a buffer from values read directly from the image file. Because this calculation is not checked for integer overflow, a crafted file can make the result wrap around, so that an undersized buffer is allocated and writing the image data into it overflows the heap. The plugins for DICOM, PNM, PSD, PSP, Sun RAS, XBM and XWD images are all affected.
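The arithmetic pattern behind this class of bug, shown here as an added illustration rather than GIMP's own code: a constructed header with width, height and bytes-per-pixel fields, the unchecked product a vulnerable loader would pass to malloc, and a checked version that guards each multiplication with a division and caps the total. The header layout, the 256 MiB cap and the sample headers are all assumptions made for the example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the header fields an image loader reads straight
 * from the file. Not GIMP's structures; the point is the size arithmetic. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bpp;     /* bytes per pixel */
} img_header;

/* Constructed sample headers: one benign, one crafted so the product wraps,
 * one with a zero dimension. */
static const img_header hdr_benign  = { 640u, 480u, 3u };
static const img_header hdr_crafted = { 0x40000001u, 4u, 1u };  /* 0x100000004 mod 2^32 = 4 */
static const img_header hdr_zero    = { 0u, 480u, 3u };

/* Vulnerable pattern: the allocation size is the product of attacker-controlled
 * fields, computed in 32-bit unsigned arithmetic, which silently wraps. */
static uint32_t unchecked_buffer_size(const img_header *h)
{
    return h->width * h->height * h->bpp;
}

/* Hardened pattern: reject zero dimensions, then guard each multiplication
 * with a division so the product can never exceed max_alloc (and therefore
 * can never wrap). Returns 0 for a rejected header; 0 is never a valid size. */
static size_t checked_buffer_size(const img_header *h)
{
    const size_t max_alloc = (size_t)256 * 1024 * 1024;   /* policy cap: assumed value */
    if (h->width == 0 || h->height == 0 || h->bpp == 0)
        return 0;
    if (h->width > max_alloc / h->height)
        return 0;                                  /* width * height > max_alloc */
    size_t pixels = (size_t)h->width * h->height;
    if (pixels > max_alloc / h->bpp)
        return 0;                                  /* pixels * bpp > max_alloc */
    return pixels * h->bpp;
}

/* What the vulnerable loader would do: allocate the wrapped size, then decode
 * row by row, writing the true width * height * bpp bytes. Expressed as numbers
 * rather than performed, so the mismatch can be inspected without corrupting
 * the heap. */
typedef struct {
    size_t   allocated;  /* bytes malloc'd from the wrapped product */
    uint64_t written;    /* bytes the row-by-row decode loop would write */
} load_plan;

static load_plan vulnerable_plan(const img_header *h)
{
    load_plan p;
    p.allocated = unchecked_buffer_size(h);
    p.written   = (uint64_t)h->width * h->height * h->bpp;
    return p;
}

/* 1 if the decode loop would write past the allocation, else 0. */
static int plan_overflows(load_plan p)
{
    return p.written > (uint64_t)p.allocated;
}

int main(void)
{
    const img_header *hdrs[] = { &hdr_benign, &hdr_crafted, &hdr_zero };
    for (size_t i = 0; i < sizeof hdrs / sizeof hdrs[0]; i++) {
        load_plan p = vulnerable_plan(hdrs[i]);
        size_t safe = checked_buffer_size(hdrs[i]);
        printf("%" PRIu32 "x%" PRIu32 "x%" PRIu32
               ": unchecked alloc %zu, loop writes %" PRIu64 " -> %s; checked: %s\n",
               hdrs[i]->width, hdrs[i]->height, hdrs[i]->bpp,
               p.allocated, p.written,
               plan_overflows(p) ? "HEAP OVERFLOW" : "ok",
               safe ? "accepted" : "rejected");
    }

    /* The hardened path only touches the heap once the size has been vetted. */
    size_t n = checked_buffer_size(&hdr_benign);
    unsigned char *pixels = n ? malloc(n) : NULL;
    if (pixels) {
        memset(pixels, 0, n);   /* stand-in for the decode loop */
        free(pixels);
    }
    return 0;
}
```

Note that the wrap happens even on a 64-bit build: the multiplication is performed on the 32-bit header fields before the result is converted to size_t, so widening the allocation size alone does not help. Division guards are portable; where the compiler offers `__builtin_mul_overflow`, that is a clearer way to express the same check.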
Version 2.2.16 fixes these security vulnerabilities. The bug in processing PSD files reported by Secunia last week is also fixed in the new version. GIMP users should update to version 2.2.16 as soon as it becomes available. Linux distributors should be releasing updated packages shortly.
- Multiple Vendor GIMP Multiple Integer Overflow Vulnerabilities, security advisory from iDefense
- Changelog for version 2.2.16 of GIMP
(mba)