Description
GIMP 2.10.30 and 2.99.10 are vulnerable to a buffer overflow. Through a crafted XCF file, the program will allocate a huge amount of memory, resulting in insufficient memory or a program crash.
References (2)
Core References
Mailing List
https://lists.debian.org/debian-lts-announce/2023/11/msg00015.html
Exploit, Issue Tracking, Third Party Advisory
https://gitlab.gnome.org/GNOME/gimp/-/issues/8120
Scores
CVSS v3
5.5
EPSS
0.0011
EPSS Percentile
28.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-120
Status
published
Products (2)
gimp/gimp
2.10.30
gimp/gimp
2.99.10
Published
May 17, 2022
Tracked Since
Feb 18, 2026