CVE-2022-30067
gimp: buffer overflow through a crafted XCF file
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.
GIMP versiones 2.10.30 y 2.99.10, son vulnerables a un Desbordamiento del Búfer. Mediante un archivo XCF diseñado, el programa asignará una gran cantidad de memoria, resultando en una memoria insuficiente o en un bloqueo del programa
A vulnerability was found in GIMP. Via a specially crafted XCF file, GIMP can allocate a large amount of memory, potentially resulting in a denial of service.
The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Issues addressed include buffer overflow and denial of service vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-02 CVE Reserved
- 2022-05-17 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/11/msg00015.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.gnome.org/GNOME/gimp/-/issues/8120 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-30067 | 2022-11-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2087591 | 2022-11-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gimp Search vendor "Gimp" | Gimp Search vendor "Gimp" for product "Gimp" | 2.10.30 Search vendor "Gimp" for product "Gimp" and version "2.10.30" | - |
Affected
| ||||||
| Gimp Search vendor "Gimp" | Gimp Search vendor "Gimp" for product "Gimp" | 2.99.10 Search vendor "Gimp" for product "Gimp" and version "2.99.10" | - |
Affected
| ||||||