📦

gimp

Vendor: gimp

Actively Exploited 0 CISA KEV List

PoC / Exploits 4 Code Available

Total RCEs 13 Remote Access

Total CVEs 236 Total Indexed

Avg. EPSS 5.98% Exploit Prob.

Latest CVE CVE-2026-6384 Apr 15

Security Vulnerability Index

Page 5 / 24

7.8 CVSS

CVE-2023-44441

RCE

GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22093.

EPSS: 11.74%

Severity: HIGH

May 03, 2024

5.5 CVSS

CVE-2022-32990

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).

EPSS: 0.14%

Severity: MEDIUM

Jun 24, 2022

5.5 CVSS

CVE-2022-30067

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.

EPSS: 0.08%

Severity: MEDIUM

May 17, 2022

7.8 CVSS

CVE-2021-45463

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

EPSS: 2.09%

Severity: HIGH

Dec 23, 2021

9.1 CVSS

CVE-2018-12713

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.

EPSS: 0.37%

Severity: CRITICAL

Jun 24, 2018

7.8 CVSS

CVE-2017-17789

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

EPSS: 0.45%

Severity: HIGH

Dec 20, 2017

5.5 CVSS

CVE-2017-17788

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

EPSS: 0.48%

Severity: MEDIUM

Dec 20, 2017

7.8 CVSS

CVE-2017-17787

In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.

EPSS: 0.21%

Severity: HIGH

Dec 20, 2017

7.8 CVSS

CVE-2017-17786

In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.

EPSS: 0.31%

Severity: HIGH

Dec 20, 2017

7.8 CVSS

CVE-2017-17785

In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

EPSS: 0.35%

Severity: HIGH

Dec 20, 2017

Displaying 10 of 236 Total Entries

3 4 5 6 7 ... 24

Total 24 Sections