CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 0CVE-2013-1978 – gimp: XWD plugin color map heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2013-1978
04 Dec 2013 — Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. Desbordamiento de búfer en la función read_xwd_cols en file-xwd.c en el plugin X Window Dump (XWD) de GIMP 2.6.9 y anteriores versiones permite a atacantes remotos provocar una denegación de servicio (c... • http://rhn.redhat.com/errata/RHSA-2013-1778.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1CVE-2012-5576 – plug-in): Stack-based buffer overflow when loading XWD file
https://notcve.org/view.php?id=CVE-2012-5576
18 Dec 2012 — Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large (1) red, (2) green, or (3) blue color mask in an XWD file. Múltiples desbordamientos de bufer basados en pila en file-xwd.c en el complemento X Window Dump (XWD) en GIMP v2.8.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de ... • http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2012-4245 – Gentoo Linux Security Advisory 201603-01
https://notcve.org/view.php?id=CVE-2012-4245
31 Aug 2012 — The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. El servidor de red ScriptFu en GIMP v2.6 no requiere autenticación, permite a atacantes remotos ejecutar comandos arbitrarios a través del comando python-fu-eval. GIMP is vulnerable to multiple buffer overflows which could result in the execution of arbitrary code or Denial of Service. Versions less than 2.8.0 are affected. • http://archives.neohapsis.com/archives/bugtraq/2012-08/0106.html • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2012-3402 – plug-in): Heap-buffer overflow by decoding certain PSD headers
https://notcve.org/view.php?id=CVE-2012-3402
25 Aug 2012 — Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909. Desbordamiento de entero en plug-ins/common/psd.c en el plugin de Adobe Photoshop PSD en GIMP 2.2.13 y anteriores permite a atacantes remotos provocar una denegación de ser... • http://rhn.redhat.com/errata/RHSA-2012-1181.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 0CVE-2012-3403 – plug-in): heap buffer overflow when loading external palette files
https://notcve.org/view.php?id=CVE-2012-3403
25 Aug 2012 — Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free." Desbordamiento de búfer basado en memoria dinámica en el complemento de formato de archivo KiSS CEL en GIMP v2.8.x y anteriores, permite a atacantes remotos provocar una denegación de servicio y posiblemente ejcutar código de su elección a través de un archivo de pal... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00020.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 0CVE-2012-3481 – plug-in): Heap-based buffer overflow by loading certain GIF images
https://notcve.org/view.php?id=CVE-2012-3481
25 Aug 2012 — Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. Desbordamiento de entero en la función ReadImage en plug-ins/common/file-gif-load.c en el co... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 5CVE-2012-3236 – GIMP 2.8.0 - '.FIT' File Format Denial of Service
https://notcve.org/view.php?id=CVE-2012-3236
12 Jul 2012 — fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. fits-io.c en GIMP antes de v2.8.1 permite a atacantes remotos causar una denegación de servicio (desreferencia de puntero nulo y caída de la aplicación) a través de una cabecera XTENSION incorrecta de un archivo .fit, tal y como se demuestra mediante una cadena demasiado larga. • https://www.exploit-db.com/exploits/19482 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 87%CPEs: 1EXPL: 3CVE-2012-2763 – GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2012-2763
12 Jul 2012 — Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server. Desbordamiento de búfer basado en pila en la función readstr_upto en plug-ins/script-fu/tinyscheme/scheme.c en GIMP v2.6.12 y anteriores y posiblemente v2.6.13, permite a atacantes remotos ejecutar código de su elección a través de una cadena larga en un comando para el... • https://www.exploit-db.com/exploits/18956 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 5%CPEs: 3EXPL: 0CVE-2011-2896 – David Koblas' GIF decoder LZW decoder buffer overflow
https://notcve.org/view.php?id=CVE-2011-2896
19 Aug 2011 — The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to ... • http://cups.org/str.php?L3867 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2011-1782
https://notcve.org/view.php?id=CVE-2011-1782
27 Jul 2011 — Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4543. Desbordamiento de buff... • http://secunia.com/advisories/48236 • CWE-787: Out-of-bounds Write •