Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Gimp
(Gimp)| Repositories | https://github.com/GNOME/gimp |
| #Vulnerabilities | 31 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-12-23 | CVE-2021-45463 | load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature. | Fedora, Gegl, Gimp, Enterprise_linux | 7.8 | ||
| 2017-12-20 | CVE-2017-17788 | In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | Ubuntu_linux, Debian_linux, Gimp | N/A | ||
| 2018-06-24 | CVE-2018-12713 | GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. | Gimp | 9.1 | ||
| 2017-12-20 | CVE-2017-17789 | In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. | Ubuntu_linux, Debian_linux, Gimp | 7.8 | ||
| 2017-12-20 | CVE-2017-17787 | In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | Ubuntu_linux, Debian_linux, Gimp | 7.8 | ||
| 2017-12-20 | CVE-2017-17786 | In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | Ubuntu_linux, Debian_linux, Gimp | 7.8 | ||
| 2017-12-20 | CVE-2017-17785 | In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. | Ubuntu_linux, Debian_linux, Gimp | 7.8 | ||
| 2017-12-20 | CVE-2017-17784 | In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | Ubuntu_linux, Debian_linux, Gimp | 7.8 | ||
| 2016-07-12 | CVE-2016-4994 | Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file. | Gimp | 7.8 | ||
| 2013-12-12 | CVE-2013-1978 | Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. | Gimp, Enterprise_linux | N/A |