{"id":5683,"date":"2023-11-21T13:36:48","date_gmt":"2023-11-21T12:36:48","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5683"},"modified":"2023-11-21T13:42:26","modified_gmt":"2023-11-21T12:42:26","slug":"gimp-4-kriticne-ranjivosti","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/11\/21\/gimp-4-kriticne-ranjivosti\/","title":{"rendered":"GIMP: 4 critical vulnerabilities"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>GIMP \u2013 GNU Image Manipulation Program<\/em> is open-source image manipulation software that is widely used for image editing; it has gained enormous popularity among graphic designers and enthusiasts and is the best-known alternative to <em>Adobe Photoshop<\/em>. Recently, however, security researchers discovered four critical security flaws that could pose a significant danger to users.<\/span><\/p>\n<div id=\"attachment_5685\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-5685\" class=\"size-full wp-image-5685\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/GIMP-\u2013-GNU-Image-Manipulation-Program-.jpg\" alt=\"GIMP\" width=\"1024\" height=\"1024\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/GIMP-\u2013-GNU-Image-Manipulation-Program-.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/GIMP-\u2013-GNU-Image-Manipulation-Program--300x300.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/GIMP-\u2013-GNU-Image-Manipulation-Program--150x150.jpg 150w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/GIMP-\u2013-GNU-Image-Manipulation-Program--768x768.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/GIMP-\u2013-GNU-Image-Manipulation-Program--12x12.jpg 12w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/GIMP-\u2013-GNU-Image-Manipulation-Program--80x80.jpg 80w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/11\/GIMP-\u2013-GNU-Image-Manipulation-Program--320x320.jpg 320w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-5685\" class=\"wp-caption-text\"><em>GIMP: 4 critical vulnerabilities; Source: Bing Image Creator<\/em><\/p><\/div>\n
<h2><span class=\"ez-toc-section\" id=\"GIMP_4_KRITICNE_RANJIVOSTI\"><\/span><span style=\"font-size: 14pt;\"><strong><em>GIMP<\/em>: 4 CRITICAL VULNERABILITIES<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">Security researcher <em>Michael Randrianantenaina<\/em> of the <em>Zero Day Initiative<\/em> program discovered four critical vulnerabilities, tracked as <a href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-23-1592\/\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-44441<\/em><\/a>, <a href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-23-1594\/\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-44442<\/em><\/a>, <a href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-23-1593\/\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-44443<\/em><\/a> and <a href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-23-1591\/\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-44444<\/em><\/a>, which allow a <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">remote attacker<\/a> to execute arbitrary code on affected installations of the <em>GIMP<\/em> software. In concrete terms, this means an attacker could gain full control of a user's device simply by tricking the user into opening a malicious file or visiting a malicious website.<\/span><\/p>\n
<p><span style=\"font-size: 14pt;\">The vulnerabilities stem from improper validation of user-supplied data when parsing <em>DDS<\/em>, <em>PSD<\/em> and <em>PSP<\/em> image files. This can lead to a <em>buffer overflow<\/em>, an <em>integer overflow<\/em> and an <em>off-by-one error<\/em>, allowing attackers to inject their own code into the running <em>GIMP<\/em> process.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">All of these vulnerabilities carry a <em>CVSS<\/em> score of <em>7.8<\/em>, indicating a high severity level: they pose a significant risk to <em>GIMP<\/em> users because they can be exploited simply by opening a malicious file or visiting a malicious website.<\/span><\/p>\n
<h2><span class=\"ez-toc-section\" id=\"ZASTITA\"><\/span><span style=\"font-size: 14pt;\"><strong>PROTECTION<\/strong><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">To protect themselves, users need to download the latest version, <a href=\"https:\/\/www.gimp.org\/downloads\/\" target=\"_blank\" rel=\"noopener\"><em>GIMP 2.10.36<\/em><\/a>, which fixes all of the listed vulnerabilities. Users should also be cautious with files from unknown sources and avoid visiting suspicious websites.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>GIMP \u2013 GNU Image Manipulation Program is open-source image manipulation software that is widely used for image editing; it has gained enormous popularity among graphic designers and enthusiasts and is the best-known&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5685,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[175,579,286,126],"class_list":["post-5683","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-cve","tag-gimp","tag-ranjivost","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5683"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5683\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5685"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=5683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":
true}]}}