Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gimp Subscribe
Filtered by product Gimp
Total 38 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1978 3 Gimp, Gnome, Redhat 3 Gimp, Glib, Enterprise Linux 2023-02-12 6.8 MEDIUM N/A
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
CVE-2013-1913 3 Gimp, Gnome, Redhat 3 Gimp, Glib, Enterprise Linux 2023-02-12 6.8 MEDIUM N/A
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump.
CVE-2012-5576 1 Gimp 1 Gimp 2023-02-12 7.5 HIGH N/A
Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.
CVE-2011-1178 1 Gimp 1 Gimp 2023-02-12 6.8 MEDIUM N/A
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.
CVE-2010-4542 1 Gimp 1 Gimp 2023-02-12 6.8 MEDIUM N/A
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
CVE-2010-4541 1 Gimp 1 Gimp 2023-02-12 9.3 HIGH N/A
Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself.
CVE-2010-4540 1 Gimp 1 Gimp 2023-02-12 6.8 MEDIUM N/A
Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.
CVE-2010-4543 1 Gimp 1 Gimp 2023-02-12 7.5 HIGH N/A
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.
CVE-2009-0581 4 Gimp, Littlecms, Mozilla and 1 more 4 Gimp, Little Cms, Firefox and 1 more 2023-02-12 4.3 MEDIUM N/A
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
CVE-2011-1782 1 Gimp 1 Gimp 2023-02-12 7.5 HIGH N/A
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4543.
CVE-2012-3481 1 Gimp 1 Gimp 2023-02-12 6.8 MEDIUM N/A
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2012-3402 1 Gimp 1 Gimp 2023-02-12 6.8 MEDIUM N/A
Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909.
CVE-2012-3403 1 Gimp 1 Gimp 2023-02-12 6.8 MEDIUM N/A
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."
CVE-2016-4994 1 Gimp 1 Gimp 2023-02-12 6.8 MEDIUM 7.8 HIGH
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
CVE-2022-32990 1 Gimp 1 Gimp 2022-07-01 4.3 MEDIUM 5.5 MEDIUM
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).
CVE-2022-30067 1 Gimp 1 Gimp 2022-05-25 4.3 MEDIUM 5.5 MEDIUM
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.
CVE-2007-2356 1 Gimp 1 Gimp 2022-02-07 6.8 MEDIUM N/A
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
CVE-2021-45463 4 Fedoraproject, Gegl, Gimp and 1 more 4 Fedora, Gegl, Gimp and 1 more 2022-02-07 6.8 MEDIUM 7.8 HIGH
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
CVE-2017-17784 3 Canonical, Debian, Gimp 3 Ubuntu Linux, Debian Linux, Gimp 2022-02-07 6.8 MEDIUM 7.8 HIGH
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
CVE-2017-17785 3 Canonical, Debian, Gimp 3 Ubuntu Linux, Debian Linux, Gimp 2022-02-07 6.8 MEDIUM 7.8 HIGH
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.