SecuritySpace - CVE-2023-44444

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2023-44444

Description: GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off- by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22097.

Test IDs: 1.3.6.1.4.1.25623.1.1.1.2.2023.3659

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2023-44444
ZDI-23-1591
https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
vendor-provided URL
https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/

CVE ID:	CVE-2023-44444
Description:	GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off- by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22097.
Test IDs:	1.3.6.1.4.1.25623.1.1.1.2.2023.3659
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2023-44444 ZDI-23-1591 https://www.zerodayinitiative.com/advisories/ZDI-23-1591/ vendor-provided URL https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/