VYPR

Vendor CVEs

GIMP

All CVEs

82 total · sorted by risk
  • CVE-2025-10934Oct 29, 2025
    risk 0.00cvss epss 0.00

    GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit…

  • CVE-2025-10925Oct 29, 2025
    risk 0.00cvss epss 0.03

    GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must…

  • CVE-2025-10924Oct 29, 2025
    risk 0.00cvss epss 0.00

    GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious…

  • CVE-2025-10923Oct 29, 2025
    risk 0.00cvss epss 0.00

    GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2025-10922Oct 29, 2025
    risk 0.00cvss epss 0.01

    GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit…

  • CVE-2025-10921Oct 29, 2025
    risk 0.00cvss epss 0.00

    GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit…

  • CVE-2025-10920Oct 29, 2025
    risk 0.00cvss epss 0.00

    GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2025-8672Aug 11, 2025
    risk 0.00cvss epss 0.00

    MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts,…

  • CVE-2025-6035Jun 13, 2025
    risk 0.00cvss epss 0.00

    A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and…

  • CVE-2025-5473Jun 6, 2025
    risk 0.00cvss epss 0.11

    GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2025-2761Apr 23, 2025
    risk 0.00cvss epss 0.01

    GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2022-30067May 17, 2022
    risk 0.00cvss epss 0.01

    GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.

  • CVE-2018-12713CriJun 24, 2018
    risk 0.00cvss 9.1epss 0.02

    GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read…

  • CVE-2013-1978Dec 12, 2013
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more…

  • CVE-2013-1913Dec 12, 2013
    risk 0.00cvss epss 0.04

    Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries…

  • CVE-2012-4245Aug 31, 2012
    risk 0.00cvss epss 0.05

    The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.

  • CVE-2012-3481Aug 25, 2012
    risk 0.00cvss epss 0.05

    Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len…

  • CVE-2012-3403Aug 25, 2012
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free."

  • CVE-2012-3402Aug 25, 2012
    risk 0.00cvss epss 0.04

    Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based…

  • CVE-2011-2896Aug 19, 2011
    risk 0.00cvss epss 0.13

    The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the…

  • CVE-2011-1782Jul 27, 2011
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image…

  • CVE-2011-1178Jun 6, 2011
    risk 0.00cvss epss 0.05

    Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that…

  • CVE-2010-4542Jan 7, 2011
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long…

  • CVE-2010-4540Jan 7, 2011
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code…

  • CVE-2009-0733Mar 23, 2009
    risk 0.00cvss epss 0.06

    Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large…

  • CVE-2009-0723Mar 23, 2009
    risk 0.00cvss epss 0.05

    Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these…

  • CVE-2009-0581Mar 23, 2009
    risk 0.00cvss epss 0.03

    Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

  • CVE-2007-3741Aug 27, 2007
    risk 0.00cvss epss 0.03

    The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.

  • CVE-2006-4519Jul 10, 2007
    risk 0.00cvss epss 0.06

    Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

  • CVE-2007-3126Jun 8, 2007
    risk 0.00cvss epss 0.03

    Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.

  • CVE-2006-3404Jul 6, 2006
    risk 0.00cvss epss 0.05

    Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

  • CVE-2005-0654May 2, 2005
    risk 0.00cvss epss 0.02

    gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero.

Page 2 of 2