Use-After-Free Vulnerability in GIMP by GNOME
CVE-2016-4994

7.8HIGH

Key Information:

Vendor

Gimp

Status
Gimp
Vendor
CVE Published:
12 July 2016

What is CVE-2016-4994?

The GIMP application is susceptible to a use-after-free vulnerability located in the xcf_load_image function within the XCF loading component. Attackers can exploit this flaw by crafting a malicious XCF file, potentially leading to a denial of service through unexpected program crashes, or even enabling arbitrary code execution. This vulnerability underscores the importance of careful file handling and the need for robust input validation in software applications.

References

http://www.securitytracker.com/id/1036226
vdb-entryx_refsource_SECTRACK
https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0...
x_refsource_CONFIRM
https://bugzilla.gnome.org/show_bug.cgi?id=767873
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.