OpenSSL v3.0.8 DLLs included with GIMP 2.10.34 (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466)
We have been alerted to the existence of 3 OpenSSL vulnerabilities that are exposed within the OpenSSL v3.0.8 DLLs installed as part of the GIMP 2.10.34. In the default install paths the 4 files are found here:
c:\program files\gimp 2\32\bin\libcrypto-3.dll c:\program files\gimp 2\32\bin\libssl-3.dll c:\program files\gimp 2\bin\libcrypto-3-x64.dll c:\program files\gimp 2\bin\libssl-3-x64.dll
Please can you update GIMP distribution to include the latest OpenSSL dlls with your next bugfixed release (either using OpenSSL 3.1.1 or 3.0.9)?