This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Gimp
Product : Gimp
Version : 2.8.22
Type : Application
First view : 2009-03-23
Last view : 2021-12-23
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *

CPE Product : cpe:2.3:a:gimp:gimp

Related : CVE

Score Date Alert Description
7.8 2021-12-23 CVE-2021-45463

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

9.1 2018-06-24 CVE-2018-12713

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.

7.8 2017-12-20 CVE-2017-17789

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

5.5 2017-12-20 CVE-2017-17788

In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

7.8 2017-12-20 CVE-2017-17787

In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.

7.8 2017-12-20 CVE-2017-17786

In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.

7.8 2017-12-20 CVE-2017-17785

In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.

7.8 2017-12-20 CVE-2017-17784

In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.

4.3 2012-07-12 CVE-2012-3236

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

9.3 2009-03-23 CVE-2009-0733

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

9.3 2009-03-23 CVE-2009-0723

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

4.3 2009-03-23 CVE-2009-0581

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

CWE : Common Weakness Enumeration

% id Name
40% (4) CWE-125 Out-of-bounds Read
30% (3) CWE-787 Out-of-bounds Write
10% (1) CWE-476 NULL Pointer Dereference
10% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
10% (1) CWE-190 Integer Overflow or Wraparound

Open Source Vulnerability Database (OSVDB)

id Description
56309 Little CMS (lcms) ReadSetOfCurves Function Image File Handling Overflow
56308 Little CMS (lcms) Image File Handling Unspecified Overflow
56307 Little CMS (lcms) Image File Handling Memory Exhaustion DoS

ExploitDB Exploits

id Description
19482 GIMP 2.8.0 FIT File Format DoS

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-13 Name : SuSE Update for gimp openSUSE-SU-2012:1080-1 (gimp)
File : nvt/gb_suse_2012_1080_1.nasl
2012-09-11 Name : Ubuntu Update for gimp USN-1559-1
File : nvt/gb_ubuntu_USN_1559_1.nasl
2011-08-09 Name : CentOS Update for java CESA-2009:0377 centos5 i386
File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:121-1 (lcms)
File : nvt/mdksa_2009_121_1.nasl
2009-10-13 Name : SLES10: Security update for liblcms
File : nvt/sles10_liblcms.nasl
2009-10-11 Name : SLES11: Security update for lcms
File : nvt/sles11_lcms.nasl
2009-10-10 Name : SLES9: Security update for liblcms
File : nvt/sles9p5045880.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_162.nasl
2009-06-23 Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_137.nasl
2009-06-05 Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-06-05 Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:121 (lcms)
File : nvt/mdksa_2009_121.nasl
2009-05-11 Name : Fedora Core 9 FEDORA-2009-3914 (lcms)
File : nvt/fcore_2009_3914.nasl
2009-05-11 Name : Fedora Core 10 FEDORA-2009-3967 (lcms)
File : nvt/fcore_2009_3967.nasl
2009-04-20 Name : Gentoo Security Advisory GLSA 200904-19 (littlecms)
File : nvt/glsa_200904_19.nasl
2009-04-15 Name : RedHat Security Advisory RHSA-2009:0377
File : nvt/RHSA_2009_0377.nasl
2009-04-15 Name : Debian Security Advisory DSA 1769-1 (openjdk-6)
File : nvt/deb_1769_1.nasl
2009-04-15 Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_0377.nasl
2009-03-31 Name : Fedora Core 10 FEDORA-2009-2903 (lcms)
File : nvt/fcore_2009_2903.nasl
2009-03-31 Name : SuSE Security Summary SUSE-SR:2009:007
File : nvt/suse_sr_2009_007.nasl
2009-03-31 Name : Debian Security Advisory DSA 1745-1 (lcms)
File : nvt/deb_1745_1.nasl
2009-03-31 Name : Debian Security Advisory DSA 1745-2 (lcms)
File : nvt/deb_1745_2.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-3034 (java-1.6.0-openjdk)
File : nvt/fcore_2009_3034.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2910 (lcms)
File : nvt/fcore_2009_2910.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2928 (lcms)
File : nvt/fcore_2009_2928.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-07-30 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_bfda2d80085811e8ad5c0021ccb9e74d.nasl - Type: ACT_GATHER_INFO
2018-01-19 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1023.nasl - Type: ACT_GATHER_INFO
2018-01-19 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1022.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2018-67b75f73fa.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4077.nasl - Type: ACT_GATHER_INFO
2017-12-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1220.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_gimp_20121009.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-543.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0377.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0339.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-082.nasl - Type: ACT_GATHER_INFO
2013-01-25 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_gimp-120713.nasl - Type: ACT_GATHER_INFO
2012-09-11 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1559-1.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090319_lcms_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-0377.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_lcms-090317.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_liblcms-6048.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12361.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_java-1_6_0-openjdk-090312.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_lcms-090309.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_java-1_6_0-openjdk-090312.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_lcms-090309.nasl - Type: ACT_GATHER_INFO
2009-06-21 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-137.nasl - Type: ACT_GATHER_INFO
2009-05-22 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2009-121.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Fedora host is missing a security update.
File: fedora_2009-2903.nasl - Type: ACT_GATHER_INFO