CVE-2023-44444
Published: 03 May 2024
Summary
CVE-2023-44444 is a high-severity off-by-one error (CWE-193) in GIMP. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 2.0% of CVEs by EPSS exploit likelihood, but it is not currently listed in the CISA KEV catalog.
Deeper analysis
GIMP contains an off-by-one vulnerability in its PSP file parser that permits remote code execution on affected installations. The flaw occurs when the parser calculates a write location inside a heap buffer while processing specially crafted data inside a PSP image; successful exploitation grants arbitrary code execution in the context of the GIMP process. The issue was originally reported as ZDI-CAN-22097 and carries a CVSS 3.0 base score of 7.8.
An attacker can exploit the weakness by supplying a malicious PSP file that the victim must open, either directly or by visiting a page that delivers the file. No other privileges are required beyond the ability to induce the user to open the crafted image, after which the attacker gains code execution under the privileges of the running GIMP instance.
The GIMP 2.10.36 release notes and the corresponding Zero Day Initiative advisory ZDI-23-1591 indicate that the vulnerability is resolved in that version; Debian subsequently included the fix in its LTS updates. The EPSS score has remained at 0.5179 since disclosure with no material increase observed.
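The mechanism described above (a write location inside a heap buffer computed one element too far, CWE-193) is easiest to see on a toy parser. The following is an added example written for this page; it is not GIMP's code, the layout is not the real Paint Shop Pro format, and the chunk structure, result codes and sample bytes are all constructed assumptions. It places a canary byte just past the pixel buffer so the vulnerable check can be shown overwriting exactly one byte without undefined behaviour, beside the corrected check.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Result codes for the toy parser (assumed names, not GIMP's). */
enum { PSP_OK = 0, PSP_TRUNCATED = -1, PSP_BAD_GEOMETRY = -2, PSP_OUT_OF_RANGE = -3, PSP_OOM = -4 };

#define CANARY 0xA5  /* guard byte placed just past the pixel buffer */

/*
 * Parse a constructed, hypothetical "PSP-like" raster chunk. This is NOT the real
 * Paint Shop Pro layout and NOT GIMP's parser; it only reproduces the bug class:
 *   bytes 0-1: width (uint16 LE)   bytes 2-3: height (uint16 LE)
 *   then one record per row: [start column: u8][run length: u8][run bytes...]
 * Run bytes are copied into a heap buffer of width*height bytes at row*width+start.
 * `hardened` selects the corrected bounds check. The buffer is allocated with one
 * extra canary byte so the vulnerable path can write exactly one byte past the
 * image without undefined behaviour; *canary_hit reports whether that happened.
 */
static int parse_chunk(const uint8_t *buf, size_t len, int hardened, int *canary_hit)
{
    *canary_hit = 0;
    if (len < 4) return PSP_TRUNCATED;
    size_t width  = buf[0] | ((size_t)buf[1] << 8);
    size_t height = buf[2] | ((size_t)buf[3] << 8);
    if (width == 0 || height == 0) return PSP_BAD_GEOMETRY;
    size_t pix_len = width * height;           /* fits size_t: both factors < 2^16 */

    uint8_t *pixels = malloc(pix_len + 1);     /* +1 is the canary slot, not image data */
    if (!pixels) return PSP_OOM;
    memset(pixels, 0, pix_len);
    pixels[pix_len] = CANARY;

    int rc = PSP_OK;
    size_t pos = 4;
    for (size_t row = 0; row < height; row++) {
        if (len - pos < 2) { rc = PSP_TRUNCATED; break; }
        size_t start = buf[pos], run = buf[pos + 1];
        pos += 2;
        if (len - pos < run) { rc = PSP_TRUNCATED; break; }
        if (run == 0) continue;

        size_t dst  = row * width + start;     /* write location inside the heap buffer */
        size_t last = dst + run - 1;           /* index of the last byte the copy touches */

        /* The off-by-one: the last valid index is pix_len - 1, so `last == pix_len`
         * must be rejected. Comparing with `>` instead of `>=` lets it through and
         * the memcpy below writes one byte past the end of the allocation. */
        int reject = hardened ? (last >= pix_len) : (last > pix_len);
        if (reject) { rc = PSP_OUT_OF_RANGE; break; }

        memcpy(pixels + dst, buf + pos, run);
        pos += run;
    }
    if (pixels[pix_len] != CANARY) *canary_hit = 1;
    free(pixels);
    return rc;
}

/* Constructed sample inputs (not real PSP files). */
static const uint8_t GOOD_CHUNK[] = {
    0x04, 0x00, 0x02, 0x00,                   /* width 4, height 2 -> pix_len 8 */
    0x00, 0x04, 0x11, 0x22, 0x33, 0x44,       /* row 0: start 0, run 4 */
    0x00, 0x04, 0x55, 0x66, 0x77, 0x88,       /* row 1: start 0, run 4 */
};
static const uint8_t EVIL_CHUNK[] = {
    0x04, 0x00, 0x02, 0x00,                   /* width 4, height 2 -> pix_len 8 */
    0x00, 0x04, 0x11, 0x22, 0x33, 0x44,       /* row 0: start 0, run 4 */
    0x04, 0x01, 0x41,                         /* row 1: start 4 (== width), run 1:
                                                 dst = 1*4+4 = 8 = pix_len, one past the end */
};
static const uint8_t TRUNCATED_CHUNK[] = {
    0x04, 0x00, 0x02, 0x00, 0x00, 0x04, 0x11, /* row 0 claims 4 run bytes, only 1 present */
};

/* Small wrappers so each outcome is a plain return value. */
static int parse_rc(const uint8_t *buf, size_t len, int hardened)
{
    int hit;
    return parse_chunk(buf, len, hardened, &hit);
}
static int canary_hit(const uint8_t *buf, size_t len, int hardened)
{
    int hit;
    parse_chunk(buf, len, hardened, &hit);
    return hit;
}

int main(void)
{
    printf("vulnerable parser, crafted chunk: rc=%d canary overwritten=%d\n",
           parse_rc(EVIL_CHUNK, sizeof EVIL_CHUNK, 0), canary_hit(EVIL_CHUNK, sizeof EVIL_CHUNK, 0));
    printf("hardened parser,   crafted chunk: rc=%d canary overwritten=%d\n",
           parse_rc(EVIL_CHUNK, sizeof EVIL_CHUNK, 1), canary_hit(EVIL_CHUNK, sizeof EVIL_CHUNK, 1));
    return 0;
}
```

The crafted chunk passes the vulnerable `>` comparison with `last == pix_len` and clobbers the canary, while the hardened `>=` comparison rejects it with `PSP_OUT_OF_RANGE`. A real fix would also validate `start + run` against the row width rather than only against the whole buffer, and a single-byte heap overwrite like this is exactly what AddressSanitizer or a hardened allocator flags during fuzzing of file parsers.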
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-48784
Vulnerability details
GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22097.
- CWE(s): CWE-193 Off-by-one Error
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.