SecTeer VulnDetect & PatchPro Support Forum VulnDetect
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Download VulnDetect Installer
    • Login

    [Solved] GIMP - 2.10.4 - Possible False Positive

    Scheduled Pinned Locked Moved Solved Detection Issues
    7 Posts 3 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z Offline
      Zian
      last edited by OLLI_S

      https://www.gimp.org/downloads/ says that the current stable release is "2.10.4" but CARMA shows the application as "Unsafe" while indicating that the installed version is "2.10.4".

      1 Reply Last reply Reply Quote 0
      • T Offline
        Tom VulnDetect Team Member
        last edited by

        Hi Zian,
        Thanks for reporting this.
        This is a known issue, if you read this post:
        https://vulndetect.org/post/1310

        However, GIMP seems to be vulnerable to this old vuln:
CVE-2017-17789 in file-psp.exe
There is no immediate announcements or entries in the changelog about this being fixed.

        As soon as we get some pointer to a changelog or other statement about this being fixed in a specific version, then we will update the rules to reflect this.

        /Tom
        Download the latest SecTeer VulnDetect agent here:
        https://vulndetect.com/dl/secteerSetup.exe

        1 Reply Last reply Reply Quote 1
        • OLLI_SO Offline
          OLLI_S Community Moderator
          last edited by OLLI_S

          @Zian There are two suggestions in this forum related to such issues:

          • Show Reason for Unsafe Status
          • New Status "Outdated" (for non-security updates)

          Feel free to comment and vote on those suggestions.

          1 Reply Last reply Reply Quote 0
          • T Offline
            Tom VulnDetect Team Member
            last edited by

            We found evidence that this is indeed fixed, state has been updated to reflect this

            /Tom
            Download the latest SecTeer VulnDetect agent here:
            https://vulndetect.com/dl/secteerSetup.exe

            1 Reply Last reply Reply Quote 0
            • OLLI_SO Offline
              OLLI_S Community Moderator
              last edited by

              So is this issue fixed now?

              T 1 Reply Last reply Reply Quote 0
              • T Offline
                Tom VulnDetect Team Member @OLLI_S
                last edited by

                @OLLI_S
                Yes

                /Tom
                Download the latest SecTeer VulnDetect agent here:
                https://vulndetect.com/dl/secteerSetup.exe

                1 Reply Last reply Reply Quote 0
                • OLLI_SO Offline
                  OLLI_S Community Moderator
                  last edited by

                  Then I mark it as solved.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                  Please see our Privacy and Data Processing Policy
                  Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                  Forum software by NodeBB