Vulnerabilities > Gimp

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2022-30067 Classic Buffer Overflow vulnerability in Gimp 2.10.30/2.99.10
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow.
network
gimp CWE-120
4.3
2021-12-23 CVE-2021-45463 load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. 6.8
2018-06-24 CVE-2018-12713 Unspecified vulnerability in Gimp
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c.
network
low complexity
gimp
6.4
2017-12-20 CVE-2017-17789 Out-of-bounds Write vulnerability in multiple products
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
6.8
2017-12-20 CVE-2017-17788 Out-of-bounds Read vulnerability in multiple products
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
4.3
2017-12-20 CVE-2017-17787 Out-of-bounds Read vulnerability in multiple products
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
6.8
2017-12-20 CVE-2017-17786 Out-of-bounds Read vulnerability in multiple products
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
6.8
2017-12-20 CVE-2017-17785 Out-of-bounds Write vulnerability in multiple products
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
6.8
2017-12-20 CVE-2017-17784 Out-of-bounds Read vulnerability in multiple products
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
6.8
2016-07-12 CVE-2016-4994 Use After Free vulnerability in Gimp
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
network
gimp CWE-416
6.8