GIMP 2.8.22

CPE Details

GIMP 2.8.22
gimp
gimp
2.8.22
2018-10-10
16h18 +00:00
2018-10-10
16h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gimp:gimp:2.8.22:*:*:*:*:*:*:*

Informations

Vendor

gimp

Product

gimp

Version

2.8.22

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-45463 2021-12-23 05h00 +00:00 load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
7.8
High
CVE-2018-12713 2018-06-24 20h00 +00:00 GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.
9.1
Critical
CVE-2017-17784 2017-12-20 08h00 +00:00 In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
7.8
High
CVE-2017-17785 2017-12-20 08h00 +00:00 In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
7.8
High
CVE-2017-17786 2017-12-20 08h00 +00:00 In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
7.8
High
CVE-2017-17787 2017-12-20 08h00 +00:00 In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
7.8
High
CVE-2017-17788 2017-12-20 08h00 +00:00 In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
5.5
Medium
CVE-2017-17789 2017-12-20 08h00 +00:00 In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
7.8
High
CVE-2012-3236 2012-07-12 19h00 +00:00 fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.
4.3
CVE-2009-0581 2009-03-23 13h00 +00:00 Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
4.3
CVE-2009-0723 2009-03-23 13h00 +00:00 Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
9.3
CVE-2009-0733 2009-03-23 13h00 +00:00 Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
9.3