Red Hat Security Advisory 2016-2589-02 - The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream version: gimp, gimp-help. Security Fix: Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash.
e7ccfcef1463062e604b45a00d164be00a3f9c8c18fce7320fdc48f7ef4fa887
Slackware Security Advisory - New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
392fdbb15e2406a2e95e9434965942b6e2760982231de9e6252d3eaa20a27e51
Ubuntu Security Notice 3025-1 - It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
f4883d83e7653e58a5a51631f142e075260510c3732cfb4884abb838a6206bfa
Debian Linux Security Advisory 3612-1 - Shmuel H discovered that GIMP, the GNU Image Manipulation Program, is prone to a use-after-free vulnerability in the channel and layer properties parsing process when loading an XCF file. An attacker can take advantage of this flaw to potentially execute arbitrary code with the privileges of the user running GIMP if a specially crafted XCF file is processed.
091347c6cc4180d8e8112e957c4dd08a82d007da8daacb8b67fbe108025814e8