Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-q51r-2ma5-xuf6
Vulnerability ID VCID-q51r-2ma5-xuf6
Aliases CVE-2007-2356
Summary GIMP is vulnerable to a buffer overflow which may lead to the execution of arbitrary code.
Status Published
Exploitability 2.0
Weighted Severity 0.4
Risk 0.8
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.41011 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.41011 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.41011 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
epss 0.41011 https://api.first.org/data/v1/epss?cve=CVE-2007-2356
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2356.json
https://api.first.org/data/v1/epss?cve=CVE-2007-2356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356
238420 https://bugzilla.redhat.com/show_bug.cgi?id=238420
GLSA-200705-08 https://security.gentoo.org/glsa/200705-08
OSVDB-35417;CVE-2007-2356 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/3801.c
OSVDB-35417;CVE-2007-2356 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/local/3888.c
RHSA-2007:0343 https://access.redhat.com/errata/RHSA-2007:0343
USN-467-1 https://usn.ubuntu.com/467-1/
Data source Exploit-DB
Date added May 8, 2007
Description GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow
Ransomware campaign use Known
Source publication date May 9, 2007
Exploit type local
Platform windows_x86
Source update date Jan. 31, 2017
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.97477
EPSS Score 0.41011
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T18:17:28.149174+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200705-08 38.6.0