Forum Thread: PSI alerts for GIMP 2.8

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
GIMP project
And, this specific program:
GIMP 2.x

This thread has been marked as locked.
aaaaaaaaaaaaaaaaa PSI alerts for GIMP 2.8
Member 14th Aug, 2012 22:31
Ranking: -5
Posts: 41
User Since: 15th Dec, 2008
System Score: N/A
Location: N/A

PSI founds the version 2.8.0 of GIMP and claims it was unsecure.
It refers while doing that to SA49314.
The SA itself claims versions prior to 2.8.0 were affected and it recommends update
to 2.8.0. However, 2.8 already installed, and it is the program which PSI supposes to be
insecure.
Where does this strange alert come from?
How to explain the inconsistency in background?
What to do as next?
On vendors page I can find any newer version than that already installed and detected
by PSI as vulnerable!!!!



Program Name:
GIMP 2.x

Security State:
Insecure

Download Link:
http://www.gimp.org/downloads/

Instances Found:
C:\Program Files\Gimp\bin\gimp-2.8.exe, version: 2.8.0.0

Last System Scan (localtime):
14. Aug 2012, 21:53

Operating System:
Microsoft Windows Vista

Maurice Joyce RE: PSI alerts for GIMP 2.8
Handling Contributor 14th Aug, 2012 23:35
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Have you tried a full PSI rescan?

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
aaaaaaaaaaaaaaaaa RE: PSI alerts for GIMP 2.8
Member 15th Aug, 2012 09:11
Score: -5
Posts: 41
User Since: 15th Dec 2008
System Score: N/A
Location: N/A
Last edited on 15th Aug, 2012 09:13
Yes, I tried it. No help. The same results.

One additional issue regarding this issue: some other PC in our lan (that case a Win XP based one) is affected as well.
Was this reply relevant?
+0
-0
BlindFreakazoid RE: PSI alerts for GIMP 2.8
Member 17th Aug, 2012 18:21
Score: 0
Posts: 1
User Since: 17th Aug 2012
System Score: N/A
Location: DE
On my system it's even stranger, see [1]. However, the tray icon is green...

I'm using PSI 3.0.0.1002 (Beta).

[1] http://imgur.com/ADYHk
Was this reply relevant?
+0
-0
Websafe RE: PSI alerts for GIMP 2.8
Member 17th Aug, 2012 21:56
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: N/A
Location: NL
Hello all,

Installed Gimp-2.8.0-setup.exe into a sandbox, on:
Windows XP-home SP3 and
Secunia PSI 2.0.0.3003.

At first Gimp was recognized as secure, however PSI recognized 2 files:

C:\Sandbox\Websafe\DefaultBox\drive\C\Program Files\GIMP 2\bin\libgtk-win32-2.0-0.dll, version 2.24.10.0
C:\Sandbox\Websafe\DefaultBox\drive\C\Program Files\GIMP 2\bin\gimp-2.8.exe, version 2.8.0.0

I decided to rename libgtk-win32-2.0-0.dll to libgtk-win32-2.0-0.dll.bak and did new complete PSI scan.
This time PSI recognized Gimp as insecure, by only:
C:\Sandbox\Websafe\DefaultBox\drive\C\Program Files\GIMP 2\bin\gimp-2.8.exe, version 2.8.0.0

Can't make a 100 % conclusion, but it seems likely that if PSI recognizes libgtk-win32-2.0-0.dll and gimp-2.8.exe separately, Gimp will be recognized as insecure, which seems a false positive to me.

Have a nice day,

Websafe.
Was this reply relevant?
+0
-0

This thread has been marked as locked.