RSS   Vulnerabilities for 'GIMP'   RSS

2012-07-12
 
CVE-2012-3236

CWE-119
 

 
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.

 
2011-08-19
 
CVE-2011-2896

CWE-119
 

 
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.

 
2011-06-06
 
CVE-2011-1178

CWE-189
 

 
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.

 
2011-01-07
 
CVE-2010-4543

CWE-119
 

 
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information.

 
 
CVE-2010-4542

CWE-119
 

 
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.

 
 
CVE-2010-4541

CWE-119
 

 
Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself.

 
 
CVE-2010-4540

CWE-119
 

 
Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information.

 
2007-08-27
 
CVE-2007-3741

 

 
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.

 

 >>> Vendor: GNU 99 Products
INET
LIBC
Fingerd
WGET
BASH
Finger service
Gnumeric
MAKE
Emacs
Glibc
Mailman
Userv
Groff
Cfengine
Privacy guard
ED
G++
GCC
Findutils
GZIP
TAR
Radius
Enscript
ZLIB
Sharutils
Chess
Fileutils
Screen
Data display debugger
Zebra
LSH
Libtool
Anubis
FLIM
Aspell
Queue
Ksymoops
Gnats
Gettext
Mailutils
A2PS
Realtime linux security module
LESS
Gnubiff
Gnutls
Xemacs
Coreutils
CPIO
GDB
Phpbook
Texinfo
Gnump3d
Binutils
GV
Libtool-ltdl
Gpgme
Gnumail
Iceweasel
Flash player
GIMP
Tramp
Libcdio
M4
SCCS
Grub legacy
ADNS
Ibackup
Escript
Classpath
Gnu screen
Automake
Grub 2
NANO
Gnash
Gnu patch
Eglibc
Libtasn1
Libiberty
GREP
Libmicrohttpd
RUSH
GRUB
Readline
Patch
Parallel
Grub2
Libidn
Guile
OSIP
Gnutls libtasn1
Libssp
Ncurses
PSPP
CVS
Libextractor
Global
Guixsd
Recutils
Libredwg


Copyright 2019, cxsecurity.com

 

Back to Top