CVE-2016-4994
gimp: Use-after-free vulnerabilities in the channel and layer properties parsing process
Public Exploits: 0
Exploited in Wild: -
Descriptions
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash.
The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream version: gimp, gimp-help. Security Fix: Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash.
Timeline
- 2016-05-24 CVE Reserved
- 2016-07-01 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-416: Use After Free
References (11)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/91425 | Broken Link | |
http://www.securitytracker.com/id/1036226 | Third Party Advisory | |
https://bugzilla.gnome.org/show_bug.cgi?id=767873 | Issue Tracking | |

URL | Date | SRC |
---|---|---|
https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f | 2023-02-12 | |