Bug 1073628 (CVE-2017-17787) - VUL-1: CVE-2017-17787: gimp: OOB read in PSP
Summary: VUL-1: CVE-2017-17787: gimp: OOB read in PSP
Status: RESOLVED FIXED
Alias: CVE-2017-17787
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/196894/
Whiteboard: CVSSv2:SUSE:CVE-2017-17787:5.0:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-20 09:18 UTC by Alexander Bergmann
Modified: 2024-05-08 11:39 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2017-12-20 09:18:11 UTC 
http://seclists.org/oss-sec/2017/q4/427

CVE-2017-17787

OOB read in PSP (no patch)
https://bugzilla.gnome.org/show_bug.cgi?id=790853
Comment 1 Alexander Bergmann 2017-12-20 10:26:49 UTC 
No upstream fix yet.
Comment 2 Scott Reeves 2018-08-17 22:26:01 UTC 
Hi Yifan, can you have your team take this. Thanks.
Comment 4 Wolfgang Frisch 2020-08-19 12:19:21 UTC 
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17787
https://bugzilla.gnome.org/show_bug.cgi?id=790853

Upstream fixes:
https://git.gnome.org/browse/GIMP/commit/?id=eb2980683e6472aff35a3117587c4f814515c74d (master)
https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d (gimp-2-8)

SUSE:SLE-12-SP2:Update   gimp      Affected
SUSE:SLE-15:Update       gimp      Affected
SUSE:SLE-15-SP2:Update   gimp      Already fixed
Comment 7 Swamp Workflow Management 2020-12-28 17:16:35 UTC 
SUSE-SU-2020:3940-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1073628,1178726
CVE References: CVE-2017-17787
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    gimp-2.8.22-5.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2020-12-28 23:15:29 UTC 
openSUSE-SU-2020:2357-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1073628,1178726
CVE References: CVE-2017-17787
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    gimp-2.8.22-lp151.5.6.1
Comment 10 Swamp Workflow Management 2020-12-29 17:18:11 UTC 
SUSE-SU-2020:3944-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1073628
CVE References: CVE-2017-17787
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    gimp-2.8.18-9.15.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    gimp-2.8.18-9.15.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Jia Zhaocong 2022-10-19 03:40:49 UTC 
Cleaning up GNOME CVE backlog. The fix has been submitted and accepted. Assign back to security team.