Alpine: multiple gimp packages: security update to 2.8.22-r2

high Tenable Cloud Security Plugin ID 404594

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
(CVE-2017-17789)

- In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the
gbr import parser, related to mishandling of UTF-8 data. (CVE-2017-17784)

- In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-
fli/fli.c. (CVE-2017-17785)

- In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related
to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. (CVE-2017-17786)

- In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-
psp.c. (CVE-2017-17787)

See Also

https://security.alpinelinux.org/vuln/CVE-2017-17784

https://security.alpinelinux.org/vuln/CVE-2017-17785

https://security.alpinelinux.org/vuln/CVE-2017-17786

https://security.alpinelinux.org/vuln/CVE-2017-17787

https://security.alpinelinux.org/vuln/CVE-2017-17788

https://security.alpinelinux.org/vuln/CVE-2017-17789

Plugin Details

Severity: High

ID: 404594

Version: Revision 1.27

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-17789

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/20/2017

Reference Information

CVE: CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789

BID: 102765, 102766, 102898, 102899, 102900