CVE-2022-30067
Description
GIMP 2.10.30 and 2.99.10 are vulnerable to a buffer overflow. Through a crafted XCF file, the program will allocate a huge amount of memory, resulting in insufficient memory or a program crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products (13)
osv-coords, 11 versions:
- pkg:rpm/almalinux/gimp (no CPE), range: < 2:2.99.8-3.el9
- pkg:rpm/almalinux/gimp-libs (no CPE), range: < 2:2.99.8-3.el9
- pkg:rpm/opensuse/gimp&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 2.10.12-150300.9.3.1
- pkg:rpm/opensuse/gimp&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 2.10.30-150400.3.3.1
- pkg:rpm/opensuse/gimp&distro=openSUSE%20Tumbleweed (no CPE), range: < 2.10.30-3.1
- pkg:rpm/suse/gimp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 (no CPE), range: < 2.10.12-150300.9.3.1
- pkg:rpm/suse/gimp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4 (no CPE), range: < 2.10.30-150400.3.3.1
- pkg:rpm/suse/gimp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 2.8.18-9.21.1
- pkg:rpm/suse/gimp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 2.8.18-9.21.1
- pkg:rpm/suse/gimp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3 (no CPE), range: < 2.10.12-150300.9.3.1
- pkg:rpm/suse/gimp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4 (no CPE), range: < 2.10.30-150400.3.3.1
Patches
Vulnerability mechanics
Root cause
"Missing bounds validation on size fields in XCF file parsing allows an attacker-controlled huge allocation in xcf_load_old_paths."
Attack vector
An attacker crafts a malicious XCF file that causes GIMP to attempt an enormous memory allocation (0xab9e16000 bytes, approximately 46 GB) via `calloc` in `xcf_load_old_paths` [ref_id=1]. When a victim opens this crafted XCF file in GIMP 2.10.30 or 2.99.10, the program tries to allocate this huge amount of memory, resulting in an out-of-memory crash or denial of service [ref_id=1]. No authentication or special privileges are required beyond the victim opening the file.
Affected code
The vulnerability resides in the XCF file loading code, specifically in the function `xcf_load_old_paths` at `/home/leung/fuzzing_gimp/test/gimp-2.10.30/app/xcf/xcf-load.c:2724` [ref_id=1]. This function is called during `xcf_load_image_props` (line 1055) as part of the overall `xcf_load_image` routine (line 253) [ref_id=1].
What the fix does
The issue report does not include a published patch or fix [ref_id=1]. The advisory describes the crash but does not provide remediation code. To close this vulnerability, the XCF loader would need to add validation of the size fields in the XCF file before allocating memory, rejecting files that request unreasonably large allocations.
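An added example, not GIMP's code and not taken from the issue report: a loader for a constructed layout (a big-endian 32-bit count followed by 12-byte records) that rejects a count the remaining file bytes cannot back before it calls `calloc`. The names `record_t`, `load_records` and `RECORD_WIRE_SIZE` are hypothetical, and the layout is an assumption, not the XCF format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory record; not GIMP's structure. Assumes 32-bit IEEE-754 float. */
typedef struct { uint32_t type; float x, y; } record_t;
#define RECORD_WIRE_SIZE 12u /* bytes per record in the constructed layout */

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse "count, then count records" from buf. Returns 0 on success, -1 on reject. */
int load_records(const uint8_t *buf, size_t len, record_t **out, uint32_t *n) {
    *out = NULL; *n = 0;
    if (len < 4) return -1;
    uint32_t count = read_be32(buf);
    size_t remaining = len - 4;
    /* The file cannot contain more records than its remaining bytes can hold.
       Dividing instead of multiplying keeps the comparison free of overflow. */
    if (count > remaining / RECORD_WIRE_SIZE) return -1;
    if (count == 0) return 0;
    record_t *recs = calloc(count, sizeof *recs);
    if (!recs) return -1; /* allocation failure is an error, not a crash */
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *p = buf + 4 + (size_t)i * RECORD_WIRE_SIZE;
        uint32_t xb = read_be32(p + 4), yb = read_be32(p + 8);
        recs[i].type = read_be32(p);
        memcpy(&recs[i].x, &xb, sizeof xb);
        memcpy(&recs[i].y, &yb, sizeof yb);
    }
    *out = recs; *n = count;
    return 0;
}

int main(void) {
    /* Constructed input: the count field claims 0xFFFFFFFF records, 4 bytes follow. */
    const uint8_t crafted[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0, 0, 0, 0};
    record_t *r; uint32_t n;
    printf("crafted file: %d\n", load_records(crafted, sizeof crafted, &r, &n));
    return 0;
}
```

Bounding the count by the bytes actually present ties the allocation size to the input size, so a small file can no longer request gigabytes.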
Preconditions
- input: Victim must open a crafted XCF file using GIMP 2.10.30 or 2.99.10
- auth: No authentication or special privileges required
Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (2)
News mentions (0)
No linked articles in our index yet.