Buffer Overflow in GIMP Affects Multiple Versions
CVE-2022-30067

5.5MEDIUM

Key Information:

Vendor: Gimp
Status: Gimp
Vendor: CVE Published:; 17 May 2022

What is CVE-2022-30067?

GIMP versions 2.10.30 and 2.99.10 are susceptible to a buffer overflow vulnerability. By utilizing a specially crafted XCF file, an attacker can trigger excessive memory allocation, leading to potential crashes or insufficient memory conditions within the application. This vulnerability exacerbates the risk of remote code execution, highlighting the need for users to apply timely security updates and utilize safe file handling practices. For more information, refer to the relevant discussions and security announcements detailing this issue.

References

https://gitlab.gnome.org/GNOME/gimp/-/issues/8120

https://lists.debian.org/debian-lts-announce/2023/11/msg0...

mailing-list

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2022
Vulnerability Reserved
May 2, 2022

JSON

Gimp

What is CVE-2022-30067?

References

CVSS V3.1

Timeline