GIMP, the open source image editor for Linux, has received an update to version 2.8.12. The new maintenance update addresses a bug that has been existed since June 2007.
Titled CVE-2007-3126, the vulnerability was hidden behind the ICO plugin. It was allowing context-dependent attackers to cause a denial of service using an InfoHeader containing a height of zero.
The development team behind GIMP had attempted to address the issues through the vulnerability at the time of its 2.8 release. But it failed to replicate the bug.
“Due to this bug, the ICO file import plugin could be crashed by specially crafted image files. Our attempts to reproduce the bug failed with 2.8 and thus the impact had likely been minimal for years, but now it is gone for good,” the GIMP team writes in a blog post.
Minor improvements on board
In addition to the bug-fix, the new version improves the overall performance of GIMP on Mac devices. There were also some reported issues during clipboard or drag and drop operations that have been addressed. Additionally, the small changelog includes improved drawing performance in single-window mode while using a theme based on GTK+ Pixmap engine.
You can download the GIMP 2.8.22 release directly from its official website. Its source code is also available in a GitHub repository.