Search for packages
| purl | pkg:deb/debian/gimp@2.10.22-4 |
| Tags | Ghost |
| Next non-vulnerable version | 2.10.34-1+deb12u3 |
| Latest non-vulnerable version | 3.0.4-2 |
| Risk | 3.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1gay-n1hb-aaap
Aliases: CVE-2023-44443 |
GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22096. |
Affected by 9 other vulnerabilities. |
|
VCID-4nrg-y74g-aaab
Aliases: CVE-2023-44442 |
GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-22094. |
Affected by 9 other vulnerabilities. |
|
VCID-8nms-qdz2-aaaa
Aliases: CVE-2022-32990 |
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). |
Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-aaj9-rndw-aaas
Aliases: CVE-2022-30067 |
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. |
Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
VCID-sh95-tub9-aaaf
Aliases: CVE-2023-44444 |
GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22097. |
Affected by 9 other vulnerabilities. |
|
VCID-zxxv-uu3f-aaac
Aliases: CVE-2023-44441 |
GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22093. |
Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-01-11T18:36:38.357864+00:00 | Debian Importer | Affected by | VCID-8nms-qdz2-aaaa | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-11T18:36:37.532913+00:00 | Debian Importer | Affected by | VCID-8nms-qdz2-aaaa | None | 34.0.0rc2 |
| 2024-01-11T16:11:23.786319+00:00 | Debian Importer | Affected by | VCID-aaj9-rndw-aaas | None | 34.0.0rc2 |
| 2024-01-11T16:11:22.983852+00:00 | Debian Importer | Affected by | VCID-aaj9-rndw-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-05T09:53:10.683350+00:00 | Debian Importer | Affected by | VCID-sh95-tub9-aaaf | None | 34.0.0rc1 |
| 2024-01-05T09:53:09.065621+00:00 | Debian Importer | Affected by | VCID-1gay-n1hb-aaap | None | 34.0.0rc1 |
| 2024-01-05T09:53:07.131529+00:00 | Debian Importer | Affected by | VCID-4nrg-y74g-aaab | None | 34.0.0rc1 |
| 2024-01-05T09:53:05.413778+00:00 | Debian Importer | Affected by | VCID-zxxv-uu3f-aaac | None | 34.0.0rc1 |
| 2024-01-05T02:35:39.710764+00:00 | Debian Importer | Affected by | VCID-8nms-qdz2-aaaa | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-05T02:35:38.877107+00:00 | Debian Importer | Affected by | VCID-8nms-qdz2-aaaa | None | 34.0.0rc1 |
| 2024-01-05T01:32:25.399566+00:00 | Debian Importer | Affected by | VCID-aaj9-rndw-aaas | None | 34.0.0rc1 |
| 2024-01-05T01:32:24.420721+00:00 | Debian Importer | Affected by | VCID-aaj9-rndw-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |