Stack-based Buffer Over-read Vulnerability in GIMP 2.8.22's xcf_load_stream Function

CVE-2017-17788 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
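The missing check described above, shown as an added example that is not GIMP's code: a parser that refuses a version field with no terminating '\0' before any string function touches it. It assumes the XCF magic field is 14 bytes ("gimp xcf ", a four-character version, then '\0'); `parse_xcf_version` and the sample buffers are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XCF_MAGIC_LEN 14 /* assumed layout: "gimp xcf " + 4 chars + '\0' */

/* Constructed sample headers, not taken from real files. */
static const unsigned char good_v3[XCF_MAGIC_LEN]   = "gimp xcf v003";
static const unsigned char good_file[XCF_MAGIC_LEN] = "gimp xcf file";
static const unsigned char unterminated[XCF_MAGIC_LEN] = {
    'g','i','m','p',' ','x','c','f',' ','v','0','0','3','4' /* no NUL */
};

/* Hypothetical helper: returns the file version (>= 0) or -1 if the
 * field is malformed. It never reads past buf[XCF_MAGIC_LEN - 1]. */
int parse_xcf_version(const unsigned char *buf, size_t len)
{
    static const char prefix[] = "gimp xcf ";
    const size_t plen = sizeof(prefix) - 1;
    const char *ver;
    int i;

    if (len < XCF_MAGIC_LEN || memcmp(buf, prefix, plen) != 0)
        return -1;
    /* Reject a field with no terminator before any string function
     * touches it; without this, atoi or strcmp can scan past the buffer. */
    if (buf[XCF_MAGIC_LEN - 1] != '\0')
        return -1;

    ver = (const char *)buf + plen;
    if (strcmp(ver, "file") == 0)
        return 0;
    if (ver[0] != 'v')
        return -1;
    for (i = 1; i <= 3; i++)          /* require exactly three digits */
        if (ver[i] < '0' || ver[i] > '9')
            return -1;
    return atoi(ver + 1);
}

int main(void)
{
    printf("v003: %d\n", parse_xcf_version(good_v3, sizeof good_v3));
    printf("file: %d\n", parse_xcf_version(good_file, sizeof good_file));
    printf("unterminated: %d\n",
           parse_xcf_version(unterminated, sizeof unterminated));
    return 0;
}
```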
