Alpine: multiple gimp packages: security update to 2.8.22-r1 (deprecated)

high Tenable Cloud Security Plugin ID 400769

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
(CVE-2017-17789)

- In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the
gbr import parser, related to mishandling of UTF-8 data. (CVE-2017-17784)

- In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-
fli/fli.c. (CVE-2017-17785)

- In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related
to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. (CVE-2017-17786)

- In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-
psp.c. (CVE-2017-17787)

See Also

https://git.alpinelinux.org/aports/commit/?id=7f6b53170f527254ed08ba040a84ec717ad878d1

https://git.alpinelinux.org/aports/commit/?id=bc4cd8da3b3bfbda7a2524d038067b58f27c66c1

Plugin Details

Severity: High

ID: 400769

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-17789

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/28/2017

Vulnerability Publication Date: 12/20/2017

Reference Information

CVE: CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789

BID: 102765, 102766, 102898, 102899, 102900