From: nospam@needed.invalid   
      
   On Mon, 11/3/2025 9:13 PM, Felix wrote:   
      
   > and one I forgot to mention, unlike the Hacker/Malware magnet, LM doesn't   
   need AV software. :)   
      
   19080 entries. Like this. Bulletproof really.   
      
   https://explore.alas.aws.amazon.com/   
      
   CVE-2025-10934 	  GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code   
   Execution Vulnerability.   
   2025-10-29        This vulnerability allows remote attackers to execute   
   arbitrary code on affected installations of GIMP.   
                     User interaction is required to exploit this vulnerability   
   in that the   
                     target must visit a malicious page or open a malicious file.   
   The specific   
                     flaw exists within the parsing of XWD files. The issue   
   results from the lack   
                     of proper validation of the length of user-supplied data   
   prior to copying it   
                     to a heap-based buffer. An attacker can leverage this   
   vulnerability to execute code   
                     in the context of the current process. Was ZDI-CAN-27823.   
      
   Keep up your "Safe Hex" practices.   
      
   Don't do stupid stuff.   
      
   This is one reason, some distro installers have several security posture   
   settings, such as disabling sudo and having unelevated user accounts   
   plus a root account for package installation. Not everyone agrees with   
   the way that Mint is set up.   
      
      sudo   gimp  a-file-I-found-on-the-sidewalk.xwd   # Naughty (a new user   
   might try this)   
      
     Paul   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)