CVE-2016-4994
published 2016-07-12CVE-2016-4994: Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash)…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gimp | < gimp 2.8.16-2.2 (bookworm) | gimp 2.8.16-2.2 (bookworm) |
| gimp | gimp | < 2.8.18 | 2.8.18 |
| gimp | gimp | >= 0 < 2.8.16-2.2 | 2.8.16-2.2 |
| gimp | gimp | >= 0 < 2.8.16-2.2 | 2.8.16-2.2 |
| gimp | gimp | >= 0 < 2.8.16-2.2 | 2.8.16-2.2 |
| gimp | gimp | >= 0 < 2.8.16-2.2 | 2.8.16-2.2 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH