SecTeer VulnDetect & PatchPro Support Forum VulnDetect
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Download VulnDetect Installer
    • Login

    [Solved] GIMP - 2.10.4 - Possible False Positive

    Scheduled Pinned Locked Moved Solved Detection Issues
    7 Posts 3 Posters 3.5k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z Offline
      Zian
      last edited by OLLI_S

      https://www.gimp.org/downloads/ says that the current stable release is "2.10.4" but CARMA shows the application as "Unsafe" while indicating that the installed version is "2.10.4".

      1 Reply Last reply Reply Quote 0
      • T Offline
        Tom VulnDetect Team Member
        last edited by

        Hi Zian,
        Thanks for reporting this.
        This is a known issue, if you read this post:
        https://vulndetect.org/post/1310

        However, GIMP seems to be vulnerable to this old vuln:
CVE-2017-17789 in file-psp.exe
There is no immediate announcements or entries in the changelog about this being fixed.

        As soon as we get some pointer to a changelog or other statement about this being fixed in a specific version, then we will update the rules to reflect this.

        /Tom
        Download the latest SecTeer VulnDetect agent here:
        https://vulndetect.com/dl/secteerSetup.exe

        1 Reply Last reply Reply Quote 1
        • OLLI_SO Offline
          OLLI_S Community Moderator
          last edited by OLLI_S

          @Zian There are two suggestions in this forum related to such issues:

          • Show Reason for Unsafe Status
          • New Status "Outdated" (for non-security updates)

          Feel free to comment and vote on those suggestions.

          1 Reply Last reply Reply Quote 0
          • T Offline
            Tom VulnDetect Team Member
            last edited by

            We found evidence that this is indeed fixed, state has been updated to reflect this

            /Tom
            Download the latest SecTeer VulnDetect agent here:
            https://vulndetect.com/dl/secteerSetup.exe

            1 Reply Last reply Reply Quote 0
            • OLLI_SO Offline
              OLLI_S Community Moderator
              last edited by

              So is this issue fixed now?

              T 1 Reply Last reply Reply Quote 0
              • T Offline
                Tom VulnDetect Team Member @OLLI_S
                last edited by

                @OLLI_S
                Yes

                /Tom
                Download the latest SecTeer VulnDetect agent here:
                https://vulndetect.com/dl/secteerSetup.exe

                1 Reply Last reply Reply Quote 0
                • OLLI_SO Offline
                  OLLI_S Community Moderator
                  last edited by

                  Then I mark it as solved.

                  1 Reply Last reply Reply Quote 0

                  Hello! It looks like you're interested in this conversation, but you don't have an account yet.

                  Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

                  With your input, this post could be even better 💗

                  Register Login
                  • First post
                    Last post
                  Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                  Please see our Privacy and Data Processing Policy
                  Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                  Forum software by NodeBB