PublicDateAtUSN: 2016-06-24
Candidate: CVE-2016-4994
PublicDate: 2016-07-12 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994
 https://ubuntu.com/security/notices/USN-3025-1
Description:
 Use-after-free vulnerability in the xcf_load_image function in
 app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of
 service (program crash) or possibly execute arbitrary code via a crafted
 XCF file.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828179
 https://bugzilla.gnome.org/show_bug.cgi?id=767873
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_gimp:
 upstream: https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f
upstream_gimp: needed
precise_gimp: released (2.6.12-1ubuntu1.4)
trusty_gimp: released (2.8.10-0ubuntu1.1)
trusty/esm_gimp: DNE (trusty was released [2.8.10-0ubuntu1.1])
vivid/stable-phone-overlay_gimp: DNE
vivid/ubuntu-core_gimp: DNE
wily_gimp: released (2.8.14-1ubuntu2.1)
xenial_gimp: released (2.8.16-1ubuntu1.1)
devel_gimp: released (2.8.16-1ubuntu3)