Vulnerabilities > CVE-2017-17784 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
gimp
debian
canonical
CWE-125
nessus

Summary

In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1220.NASL
    descriptionHanno Böck found several buffer overflows in GIMP, the GNU Image Manipulation Program, which could lead to application crash or other unspecified behaviour if a user opened untrusted input files. For Debian 7
    last seen2020-03-17
    modified2017-12-26
    plugin id105427
    published2017-12-26
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/105427
    titleDebian DLA-1220-1 : gimp security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1220-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105427);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-17784", "CVE-2017-17785", "CVE-2017-17786", "CVE-2017-17787", "CVE-2017-17788", "CVE-2017-17789");
    
      script_name(english:"Debian DLA-1220-1 : gimp security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Hanno Böck found several buffer overflows in GIMP, the GNU Image
    Manipulation Program, which could lead to application crash or other
    unspecified behaviour if a user opened untrusted input files.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    2.8.2-2+deb7u3.
    
    We recommend that you upgrade your gimp packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/gimp"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gimp-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gimp-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgimp2.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgimp2.0-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgimp2.0-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"gimp", reference:"2.8.2-2+deb7u3")) flag++;
    if (deb_check(release:"7.0", prefix:"gimp-data", reference:"2.8.2-2+deb7u3")) flag++;
    if (deb_check(release:"7.0", prefix:"gimp-dbg", reference:"2.8.2-2+deb7u3")) flag++;
    if (deb_check(release:"7.0", prefix:"libgimp2.0", reference:"2.8.2-2+deb7u3")) flag++;
    if (deb_check(release:"7.0", prefix:"libgimp2.0-dev", reference:"2.8.2-2+deb7u3")) flag++;
    if (deb_check(release:"7.0", prefix:"libgimp2.0-doc", reference:"2.8.2-2+deb7u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1023.NASL
    descriptionAccording to the versions of the gimp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.(CVE-2017-17784) - In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.(CVE-2017-17785) - In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.(CVE-2017-17786) - In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.(CVE-2017-1778) - In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no
    last seen2020-05-06
    modified2018-01-19
    plugin id106164
    published2018-01-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106164
    titleEulerOS 2.0 SP2 : gimp (EulerOS-SA-2018-1023)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106164);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2017-17784",
        "CVE-2017-17785",
        "CVE-2017-17786",
        "CVE-2017-17787",
        "CVE-2017-17788",
        "CVE-2017-17789"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : gimp (EulerOS-SA-2018-1023)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the gimp packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - In GIMP 2.8.22, there is a heap-based buffer over-read
        in load_image in plug-ins/common/file-gbr.c in the gbr
        import parser, related to mishandling of UTF-8
        data.(CVE-2017-17784)
    
      - In GIMP 2.8.22, there is a heap-based buffer overflow
        in the fli_read_brun function in
        plug-ins/file-fli/fli.c.(CVE-2017-17785)
    
      - In GIMP 2.8.22, there is a heap-based buffer over-read
        in ReadImage in plug-ins/common/file-tga.c (related to
        bgr2rgb.part.1) via an unexpected bits-per-pixel value
        for an RGBA image.(CVE-2017-17786)
    
      - In GIMP 2.8.22, there is a heap-based buffer over-read
        in read_creator_block in
        plug-ins/common/file-psp.c.(CVE-2017-1778)
    
      - In GIMP 2.8.22, there is a stack-based buffer over-read
        in xcf_load_stream in app/xcf/xcf.c when there is no
        '\\0' character after the version
        string.(CVE-2017-17788)
    
      - In GIMP 2.8.22, there is a heap-based buffer overflow
        in read_channel_data in
        plug-ins/common/file-psp.c.(CVE-2017-17789)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1023
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?46e8d2a7");
      script_set_attribute(attribute:"solution", value:
    "Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["gimp-2.8.10-3.h1",
            "gimp-libs-2.8.10-3.h1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-67B75F73FA.NASL
    descriptionSecurity fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786 CVE-2017-17787 CVE-2017-17788 CVE-2017-17789 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id106030
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106030
    titleFedora 27 : 2:gimp (2018-67b75f73fa)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-67b75f73fa.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106030);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-17784", "CVE-2017-17785", "CVE-2017-17786", "CVE-2017-17787", "CVE-2017-17788", "CVE-2017-17789");
      script_xref(name:"FEDORA", value:"2018-67b75f73fa");
    
      script_name(english:"Fedora 27 : 2:gimp (2018-67b75f73fa)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2017-17784 CVE-2017-17785 CVE-2017-17786
    CVE-2017-17787 CVE-2017-17788 CVE-2017-17789
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-67b75f73fa"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 2:gimp package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:gimp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"gimp-2.8.22-3.fc27", epoch:"2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:gimp");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1022.NASL
    descriptionAccording to the versions of the gimp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.(CVE-2017-17784) - In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.(CVE-2017-17785) - In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.(CVE-2017-17786) - In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.(CVE-2017-1778) - In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no
    last seen2020-05-06
    modified2018-01-19
    plugin id106163
    published2018-01-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106163
    titleEulerOS 2.0 SP1 : gimp (EulerOS-SA-2018-1022)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106163);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2017-17784",
        "CVE-2017-17785",
        "CVE-2017-17786",
        "CVE-2017-17787",
        "CVE-2017-17788",
        "CVE-2017-17789"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : gimp (EulerOS-SA-2018-1022)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the gimp packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - In GIMP 2.8.22, there is a heap-based buffer over-read
        in load_image in plug-ins/common/file-gbr.c in the gbr
        import parser, related to mishandling of UTF-8
        data.(CVE-2017-17784)
    
      - In GIMP 2.8.22, there is a heap-based buffer overflow
        in the fli_read_brun function in
        plug-ins/file-fli/fli.c.(CVE-2017-17785)
    
      - In GIMP 2.8.22, there is a heap-based buffer over-read
        in ReadImage in plug-ins/common/file-tga.c (related to
        bgr2rgb.part.1) via an unexpected bits-per-pixel value
        for an RGBA image.(CVE-2017-17786)
    
      - In GIMP 2.8.22, there is a heap-based buffer over-read
        in read_creator_block in
        plug-ins/common/file-psp.c.(CVE-2017-1778)
    
      - In GIMP 2.8.22, there is a stack-based buffer over-read
        in xcf_load_stream in app/xcf/xcf.c when there is no
        '\\0' character after the version
        string.(CVE-2017-17788)
    
      - In GIMP 2.8.22, there is a heap-based buffer overflow
        in read_channel_data in
        plug-ins/common/file-psp.c.(CVE-2017-17789)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1022
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?74b47013");
      script_set_attribute(attribute:"solution", value:
    "Update the affected gimp packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/19");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gimp-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["gimp-2.8.10-3.h7",
            "gimp-libs-2.8.10-3.h7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3539-1.NASL
    descriptionIt was discovered that GIMP incorrectly handled certain images. If a user were tricked into opening a specially crafted image, an attacker could possibly use this to execute arbitrary code. (CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788, CVE-2017-17789). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id106267
    published2018-01-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106267
    titleUbuntu 14.04 LTS : gimp vulnerabilities (USN-3539-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3539-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106267);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-17784", "CVE-2017-17785", "CVE-2017-17786", "CVE-2017-17787", "CVE-2017-17788", "CVE-2017-17789");
      script_xref(name:"USN", value:"3539-1");
    
      script_name(english:"Ubuntu 14.04 LTS : gimp vulnerabilities (USN-3539-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that GIMP incorrectly handled certain images. If a
    user were tricked into opening a specially crafted image, an attacker
    could possibly use this to execute arbitrary code. (CVE-2017-17784,
    CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17788,
    CVE-2017-17789).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3539-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gimp and / or libgimp2.0 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gimp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgimp2.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"gimp", pkgver:"2.8.10-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libgimp2.0", pkgver:"2.8.10-0ubuntu1.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gimp / libgimp2.0");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4077.NASL
    descriptionSeveral vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service (application crash) or potentially the execution of arbitrary code if malformed files are opened.
    last seen2020-06-01
    modified2020-06-02
    plugin id105499
    published2018-01-02
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105499
    titleDebian DSA-4077-1 : gimp - security update