Security News

Cybersecurity news aggregator


ISN 2023-35: GIMP Vulnerabilities

  • What: Multiple vulnerabilities have been discovered in the GIMP image processing library used in IGEL OS, potentially leading to remote code execution and denial of service.
  • Impact: Exploiting crafted DDS, PSP, or PSD files can cause overflows and enable remote code execution, while crafted XCF files can exhaust memory or trigger an unhandled exception, leading to a denial of service.
  • Affected: IGEL OS 11 (not in the default configuration).
  • Mitigation: Deactivate Scanner Support / SANE in System > Firmware Customization > Features in Setup.

First published 22 January 2023

CVSS 3.1: 8.2 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

Multiple security vulnerabilities have been discovered in the GIMP image processing library used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 11 (not in the default configuration)

Details

GIMP is vulnerable to crafted files in several formats:

  • Processing DDS, PSP or PSD files can cause overflows and enable remote code execution (CVE-2023-44441, CVE-2023-44442, CVE-2023-44443). This is rated as high.
  • Crafted XCF files can exhaust memory or trigger an unhandled exception, which may lead to a denial of service (CVE-2022-30067, CVE-2022-32990). This is rated as medium.

Mitigation

GIMP is not active in the IGEL OS 11 default configuration. It is only mounted if you activate Scanner Support / SANE (Limited Support …) in System > Firmware Customization > Features in Setup. If you have it activated, you can deactivate it to mitigate this vulnerability.

Update Instructions

  • OS 11: Update to IGEL OS version 11.09.210 or newer

References

  • CVE-2023-44441: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44441
  • CVE-2023-44442: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44442
  • CVE-2023-44443: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44443
  • CVE-2023-44444: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44444
  • CVE-2022-30067: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30067
  • CVE-2022-32990: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32990
