Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-45463 |
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature. Published: December 23, 2021; 1:15:06 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-12713 |
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. Published: June 24, 2018; 6:29:00 PM -0400 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2017-17789 |
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. Published: December 20, 2017; 4:29:01 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-17788 |
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. Published: December 20, 2017; 4:29:01 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17787 |
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. Published: December 20, 2017; 4:29:01 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-17786 |
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. Published: December 20, 2017; 4:29:01 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-17785 |
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. Published: December 20, 2017; 4:29:00 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-17784 |
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. Published: December 20, 2017; 4:29:00 AM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2012-3236 |
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. Published: July 12, 2012; 5:55:06 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |