Vulnerabilities > Gimp > Gimp > 2.6.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-23 | CVE-2021-45463 | load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. | 7.8 |
| 2018-06-24 | CVE-2018-12713 | Unspecified vulnerability in Gimp GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. | 6.4 |
| 2016-07-12 | CVE-2016-4994 | Use After Free vulnerability in Gimp Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file. | 7.8 |
| 2012-08-31 | CVE-2012-4245 | Missing Authorization vulnerability in Gimp The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. | 6.8 |
| 2012-07-12 | CVE-2012-3236 | NULL Pointer Dereference vulnerability in Gimp fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. | 4.3 |
| 2012-07-12 | CVE-2012-2763 | Classic Buffer Overflow vulnerability in Gimp Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server. | 7.5 |
| 2007-06-08 | CVE-2007-3126 | Unspecified vulnerability in Gimp Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237. | 5.0 |