VYPR

Gimp

by GIMP

Source repositories

CVEs (82)

  • CVE-2017-17788MedDec 20, 2017
    risk 0.36cvss 5.5epss 0.01

    In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

  • CVE-2026-40917MedApr 15, 2026
    risk 0.33cvss 5.0epss 0.00

    A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure…

  • CVE-2026-40916MedApr 15, 2026
    risk 0.33cvss 5.0epss 0.00

    A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when…

  • CVE-2026-2272MedMar 26, 2026
    risk 0.28cvss 4.3epss 0.01

    A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer…

  • CVE-2026-2271LowMar 26, 2026
    risk 0.21cvss 3.3epss 0.00

    A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file…

  • CVE-2026-2239LowMar 26, 2026
    risk 0.18cvss 2.8epss 0.00

    A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an…

  • CVE-2012-2763Jul 12, 2012
    risk 0.10cvss epss 0.82

    Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.

  • CVE-2023-44443May 3, 2024
    risk 0.05cvss epss 0.93

    GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2023-44442May 3, 2024
    risk 0.05cvss epss 0.61

    GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit…

  • CVE-2023-44444May 3, 2024
    risk 0.04cvss epss 0.56

    GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page…

  • CVE-2012-3236Jul 12, 2012
    risk 0.04cvss epss 0.11

    fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

  • CVE-2010-4543Jan 7, 2011
    risk 0.04cvss epss 0.16

    Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image…

  • CVE-2007-2356Apr 30, 2007
    risk 0.04cvss epss 0.16

    Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.

  • CVE-2025-2760Apr 23, 2025
    risk 0.01cvss epss 0.06

    GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2023-44441May 3, 2024
    risk 0.01cvss epss 0.27

    GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit…

  • CVE-2012-5576Dec 18, 2012
    risk 0.01cvss epss 0.07

    Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file.

  • CVE-2010-4541Jan 7, 2011
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of…

  • CVE-2009-3909Nov 19, 2009
    risk 0.01cvss epss 0.09

    Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.

  • CVE-2009-1570Nov 13, 2009
    risk 0.01cvss epss 0.08

    Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.

  • CVE-2007-2949Jul 4, 2007
    risk 0.01cvss epss 0.07

    Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

Page 2 of 5