Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32990 | 1 Gimp | 1 Gimp | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). | |||||
| CVE-2022-30067 | 1 Gimp | 1 Gimp | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. | |||||
| CVE-2021-45463 | 4 Fedoraproject, Gegl, Gimp and 1 more | 4 Fedora, Gegl, Gimp and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature. | |||||
| CVE-2018-12713 | 1 Gimp | 1 Gimp | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. | |||||