CVE-2023-44441: 
Rocky Linux vulnerability analysis and mitigation

CVE-2023-44441 is a heap-based buffer overflow vulnerability discovered in the GNU Image Manipulation Program (GIMP). The vulnerability was found in the DDS file parsing functionality and was disclosed on November 7, 2023. This security flaw affects GIMP installations that include the DDS plugin (versions 2.10.10 and later) (GIMP News, Red Hat Portal).

The vulnerability exists within the parsing of DDS files and results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, no privileges required, and user interaction required (ZDI Advisory).

If successfully exploited, this vulnerability allows an attacker to execute arbitrary code in the context of the current process, potentially leading to unauthorized code execution with the privileges of the GIMP process. The vulnerability affects confidentiality, integrity, and availability of the system (ZDI Advisory).

GIMP has released version 2.10.36 which includes a fix for this vulnerability. Users are advised to update to this version even if their current version works fine. Red Hat Enterprise Linux 7 and 8 are not affected by this issue as the DDS plugin was added in GIMP 2.10.10 (GIMP News, Red Hat Portal).