CVE-2022-32990
gimp: unhandled exception via a crafted XCF file may lead to DoS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).
Un problema en la función gimp_layer_invalidate_boundary de GNOME GIMP versión 2.10.30, permite a atacantes desencadenar una excepción no manejada por medio de un archivo XCF diseñado, causando una Denegación de Servicio (DoS)
A vulnerability was found in GIMP when loading a specially crafted XCF file. Due to an incorrect function return value, GIMP may access memory outside its address space, resulting in a denial of service.
The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Issues addressed include buffer overflow and denial of service vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-13 CVE Reserved
- 2022-06-24 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
- CWE-755: Improper Handling of Exceptional Conditions
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.gnome.org/GNOME/gimp/-/issues/8230 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-32990 | 2022-11-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2103202 | 2022-11-15 |