Debian Gimp vulnerabilities

CVE-2017-17787 [HIGH] CVE-2017-17787: gimp - In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in ... In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. Scope: local bookworm: resolved (fixed in 2.8.20-1.1) bullseye: resolved (fixed in 2.8.20-1.1) forky: resolved (fixed in 2.8.20-1.1) sid: resolved (fixed in 2.8.20-1.1) trixie: resolved (fixed in 2.8.20-1.1)

CVE-2016-4994 [HIGH] CVE-2016-4994: gimp - Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.... Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file. Scope: local bookworm: resolved (fixed in 2.8.16-2.2) bullseye: resolved (fixed in 2.8.16-2.2) forky: resolved (fixed in 2.8.16-2.2) sid: resolved (fixed i

CVE-2013-1953 [MEDIUM] CVE-2013-1953: gimp - Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0... Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow. Scope: local bookworm: resolved (fixed in 2.6.10-1) bullseye: resolved (fixed in 2.6.10-1) forky: resolved (fixed in 2.

CVE-2013-1913 [MEDIUM] CVE-2013-1913: gimp - Integer overflow in the load_image function in file-xwd.c in the X Window Dump (... Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window System (XWD) image dump. Scope: local bookworm: resolved (fixed in 2.8.10-

CVE-2013-1978 [MEDIUM] CVE-2013-1978: gimp - Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X ... Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. Scope: local bookworm: resolved (fixed in 2.8.10-0.1) bullsey

CVE-2012-3402 [CRITICAL] CVE-2012-3402: gimp - Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in G... Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909. Scope: local bookworm: resolv

CVE-2012-5576 [HIGH] CVE-2012-5576: gimp - Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) p... Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file. Scope: local bookworm: resolved (fixed in 2.8.2-2) bullseye: resolved (fixed in 2.8.2-2) forky: resolved

CVE-2012-3481 [MEDIUM] CVE-2012-3481: gimp - Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in... Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these de

CVE-2012-3403 [MEDIUM] CVE-2012-3403: gimp - Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and... Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free." Scope: local bookworm: resolved (fixed in 2.8.2-1) bullseye: resolved (fixed in 2.8.2-1) forky: resolved (fixed in 2.8.2-1) si

CVE-2012-3236 [MEDIUM] CVE-2012-3236: gimp - fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of serv... fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. Scope: local bookworm: resolved (fixed in 2.8.2-1) bullseye: resolved (fixed in 2.8.2-1) forky: resolved (fixed in 2.8.2-1) sid: resolved (fixed in 2.8.2

CVE-2012-2763 [HIGH] CVE-2012-2763: gimp - Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/sc... Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server. Scope: local bookworm: resolved (fixed in 2.8.0-1) bullseye: resolved (fixed in 2.8.0-1) forky: resolved (fixed in 2.8.0-1) sid: re

CVE-2011-2896 [HIGH] CVE-2011-2896: cups - The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Kobl... The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other pro

CVE-2011-1782 [HIGH] CVE-2011-1782: gimp - Heap-based buffer overflow in the read_channel_data function in file-psp.c in th... Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are ob

CVE-2011-1178 [MEDIUM] CVE-2011-1178: gimp - Multiple integer overflows in the load_image function in file-pcx.c in the Perso... Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 2.6.10-1) bul

CVE-2010-4541 [CRITICAL] CVE-2010-4541: gimp - Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-des... Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plug

CVE-2010-4543 [HIGH] CVE-2010-4543: gimp - Heap-based buffer overflow in the read_channel_data function in file-psp.c in th... Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are ob

CVE-2010-4542 [MEDIUM] CVE-2010-4542: gimp - Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug... Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin con

CVE-2010-4540 [MEDIUM] CVE-2010-4540: gimp - Stack-based buffer overflow in the load_preset_response function in plug-ins/lig... Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain

CVE-2009-3909 [CRITICAL] CVE-2009-3909: gimp - Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load... Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 2.6.7-1.1) bullseye: resolved (fixed in 2.6.7-1.1) forky: resolved (fixed in 2.6.7-1.1) sid: resolved (fixed

CVE-2009-1570 [CRITICAL] CVE-2009-1570: gimp - Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GI... Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 2.6.7-1.1) bullseye: resolved (fixed in 2.6.7-1.1) forky: resolved (fixed in 2.6.7-1.1)