File Overwrite and Information Disclosure Vulnerability in GIMP by GNOME
CVE-2018-12713
9.1 CRITICAL
What is CVE-2018-12713?
GIMP versions prior to 2.10.3 are susceptible to a vulnerability that stems from improper handling of temporary file names. Temporary filenames established from g_get_tmp_dir calls can name a file that already exists, potentially leading to that file being overwritten or to unauthorized reading of file content. An attacker may exploit this flaw through specially crafted inputs, thereby gaining access to private data or disrupting user workflows. This issue highlights the importance of secure file management practices in software development.
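The difference between reusing a fixed name under the temporary directory and asking the system for an exclusively created one, as an added example that is not GIMP's code. It uses POSIX calls so it builds without GLib; the function names, the `example.xcf` file name and the scratch directory under `/tmp` are assumptions made for the demonstration.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: fixed name under the temp directory, opened without O_EXCL.
 * A file that already exists at that path is reused and truncated. */
static int open_tmp_weak(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: mkstemp() picks an unused name and creates it exclusively, mode 0600.
 * GLib programs can use g_file_open_tmp() or g_mkstemp() for the same purpose. */
static int open_tmp_safe(const char *dir, char *out, size_t n)
{
    snprintf(out, n, "%s/example-XXXXXX", dir);
    return mkstemp(out);
}

static off_t size_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? st.st_size : -1;
}

/* Returns 1 if the safe open left an existing file intact and the weak open truncated it. */
int demo(void)
{
    char dir[] = "/tmp/tmpname-demo-XXXXXX", fixed[128], uniq[128];
    const char *data = "constructed pre-existing content";
    if (!mkdtemp(dir)) return -1;            /* private scratch directory */
    snprintf(fixed, sizeof fixed, "%s/example.xcf", dir);
    int pfd = open(fixed, O_WRONLY | O_CREAT | O_EXCL, 0600);  /* file already present */
    if (pfd < 0 || write(pfd, data, strlen(data)) < 0) return -1;
    close(pfd);
    int sfd = open_tmp_safe(dir, uniq, sizeof uniq);
    int intact = sfd >= 0 && size_of(fixed) == (off_t)strlen(data);
    int wfd = open_tmp_weak(fixed);
    int clobbered = wfd >= 0 && size_of(fixed) == 0;
    if (sfd >= 0) { close(sfd); unlink(uniq); }
    if (wfd >= 0) close(wfd);
    unlink(fixed); rmdir(dir);
    return intact && clobbered;
}
int main(void) { printf("demo: %d\n", demo()); return 0; }
```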
