rpm package
opensuse/gimp&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/gimp&distro=openSUSE%20Tumbleweed
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2239 | Low | 2.8 | < 3.0.8-2.1 | 3.0.8-2.1 | Mar 26, 2026 | A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an o | |
| CVE-2025-15059 | — | < 3.0.6-4.1 | 3.0.6-4.1 | Jan 23, 2026 | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a | ||
| CVE-2025-14425 | — | < 3.0.6-5.1 | 3.0.6-5.1 | Dec 23, 2025 | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a | ||
| CVE-2025-14424 | — | < 3.0.6-5.1 | 3.0.6-5.1 | Dec 23, 2025 | GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious p | ||
| CVE-2025-14423 | — | < 3.0.6-5.1 | 3.0.6-5.1 | Dec 23, 2025 | GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit | ||
| CVE-2025-14422 | — | < 3.0.6-5.1 | 3.0.6-5.1 | Dec 23, 2025 | GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious | ||
| CVE-2025-10925 | — | < 3.0.4-4.1 | 3.0.4-4.1 | Oct 29, 2025 | GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit | ||
| CVE-2025-10924 | — | < 3.0.4-3.1 | 3.0.4-3.1 | Oct 29, 2025 | GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious | ||
| CVE-2025-10922 | — | < 3.0.4-4.1 | 3.0.4-4.1 | Oct 29, 2025 | GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a | ||
| CVE-2025-10920 | — | < 3.0.4-4.1 | 3.0.4-4.1 | Oct 29, 2025 | GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malic | ||
| CVE-2025-2760 | — | < 3.0.4-2.1 | 3.0.4-2.1 | Apr 23, 2025 | GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious | ||
| CVE-2023-44443 | — | < 2.10.38-4.1 | 2.10.38-4.1 | May 3, 2024 | GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious | ||
| CVE-2022-32990 | — | < 2.10.38-4.1 | 2.10.38-4.1 | Jun 24, 2022 | An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). | ||
| CVE-2022-30067 | — | < 2.10.30-3.1 | 2.10.30-3.1 | May 17, 2022 | GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. | ||
| CVE-2016-4994 | Hig | 7.8 | < 2.8.18-1.4 | 2.8.18-1.4 | Jul 12, 2016 | Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file. | |
| CVE-2012-5576 | — | < 2.8.18-1.4 | 2.8.18-1.4 | Dec 18, 2012 | Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file. | ||
| CVE-2012-3236 | — | < 2.8.18-1.4 | 2.8.18-1.4 | Jul 12, 2012 | fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. | ||
| CVE-2011-2896 | — | < 2.8.18-1.4 | 2.8.18-1.4 | Aug 19, 2011 | The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the | ||
| CVE-2010-4543 | — | < 2.8.18-1.4 | 2.8.18-1.4 | Jan 7, 2011 | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image | ||
| CVE-2010-4542 | — | < 2.8.18-1.4 | 2.8.18-1.4 | Jan 7, 2011 | Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground |
- affected < 3.0.8-2.1fixed 3.0.8-2.1
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an o
- CVE-2025-15059Jan 23, 2026affected < 3.0.6-4.1fixed 3.0.6-4.1
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a
- CVE-2025-14425Dec 23, 2025affected < 3.0.6-5.1fixed 3.0.6-5.1
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a
- CVE-2025-14424Dec 23, 2025affected < 3.0.6-5.1fixed 3.0.6-5.1
GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious p
- CVE-2025-14423Dec 23, 2025affected < 3.0.6-5.1fixed 3.0.6-5.1
GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit
- CVE-2025-14422Dec 23, 2025affected < 3.0.6-5.1fixed 3.0.6-5.1
GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious
- CVE-2025-10925Oct 29, 2025affected < 3.0.4-4.1fixed 3.0.4-4.1
GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit
- CVE-2025-10924Oct 29, 2025affected < 3.0.4-3.1fixed 3.0.4-3.1
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious
- CVE-2025-10922Oct 29, 2025affected < 3.0.4-4.1fixed 3.0.4-4.1
GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a
- CVE-2025-10920Oct 29, 2025affected < 3.0.4-4.1fixed 3.0.4-4.1
GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malic
- CVE-2025-2760Apr 23, 2025affected < 3.0.4-2.1fixed 3.0.4-2.1
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious
- CVE-2023-44443May 3, 2024affected < 2.10.38-4.1fixed 2.10.38-4.1
GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious
- CVE-2022-32990Jun 24, 2022affected < 2.10.38-4.1fixed 2.10.38-4.1
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).
- CVE-2022-30067May 17, 2022affected < 2.10.30-3.1fixed 2.10.30-3.1
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.
- affected < 2.8.18-1.4fixed 2.8.18-1.4
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
- CVE-2012-5576Dec 18, 2012affected < 2.8.18-1.4fixed 2.8.18-1.4
Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.
- CVE-2012-3236Jul 12, 2012affected < 2.8.18-1.4fixed 2.8.18-1.4
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
- CVE-2011-2896Aug 19, 2011affected < 2.8.18-1.4fixed 2.8.18-1.4
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the
- CVE-2010-4543Jan 7, 2011affected < 2.8.18-1.4fixed 2.8.18-1.4
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image
- CVE-2010-4542Jan 7, 2011affected < 2.8.18-1.4fixed 2.8.18-1.4
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground
Page 1 of 2