HomeGimpCVE-2017-17788

CVE-2017-17788

MEDIUM
5.5CVSS
Published: 2017-12-20
Updated: 2025-04-20
AI Analysis

Description

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

CVSS Metrics

Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
local
Complexity
low
Privileges
none
User Action
required
Scope
unchanged
Confidentiality
none
Integrity
none
Availability
high
Weaknesses
CWE-125

Metadata

Primary Vendor
GIMP
Published
12/20/2017
Last Modified
4/20/2025
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

gimp : gimpdebian : debian_linuxdebian : debian_linuxdebian : debian_linuxcanonical : ubuntu_linux

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD