Gimp

Gimp

59 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2017-17784

  • EPSS 0.39%
  • Veröffentlicht 20.12.2017 09:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

7.8

CVE-2016-4994

  • EPSS 0.64%
  • Veröffentlicht 12.07.2016 19:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.

6.8

CVE-2013-1978

  • EPSS 3.44%
  • Veröffentlicht 12.12.2013 18:55:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window Syste...

6.8

CVE-2013-1913

  • EPSS 2.02%
  • Veröffentlicht 12.12.2013 18:55:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code ...

7.5

CVE-2012-5576

Exploit
  • EPSS 6.34%
  • Veröffentlicht 18.12.2012 01:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mas...

6.8

CVE-2012-4245

  • EPSS 1.08%
  • Veröffentlicht 31.08.2012 18:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.

6.8

CVE-2012-3481

  • EPSS 3.81%
  • Veröffentlicht 25.08.2012 10:29:51
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via c...

6.8

CVE-2012-3403

  • EPSS 4.29%
  • Veröffentlicht 25.08.2012 10:29:49
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."

6.8

CVE-2012-3402

  • EPSS 1.04%
  • Veröffentlicht 25.08.2012 10:29:49
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, w...

4.3

CVE-2012-3236

Exploit
  • EPSS 9.33%
  • Veröffentlicht 12.07.2012 21:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.