gimp

80 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-6384
all versions
A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows
7.3 HIGH
CVE-2026-40919
all versions
A flaw was found in GIMP. This vulnerability, a buffer overflow in the file-seattle-filmworks plugin, can be exploited when a us
6.1 MEDIUM
CVE-2026-40918
all versions
A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS
5.5 MEDIUM
CVE-2026-40917
all versions
A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icns_slurp() function, occurs when processing speci
5.0 MEDIUM
CVE-2026-40916
all versions
A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user t
5.0 MEDIUM
CVE-2026-40915
all versions
A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing
5.5 MEDIUM
CVE-2026-4154
all versions
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
7.8 HIGH
CVE-2026-4153
all versions
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2026-4152
all versions
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2026-4151
all versions
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
7.8 HIGH
CVE-2026-4150
all versions
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
7.8 HIGH
CVE-2026-2272
all versions
A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_
4.3 MEDIUM
CVE-2026-2271
all versions
A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in
3.3 LOW
CVE-2026-2239
all versions
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a speciall
2.8 LOW
CVE-2026-4887
< 3.2.0
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attac
6.1 MEDIUM
CVE-2026-2048
all versions
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execu
7.8 HIGH
CVE-2026-2047
all versions
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers
7.8 HIGH
CVE-2026-2045
all versions
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execu
7.8 HIGH
CVE-2026-2044
all versions
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exec
7.8 HIGH
CVE-2026-0797
all versions
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2025-15059
all versions
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2025-14425
all versions
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2025-14424
all versions
GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute ar
7.8 HIGH
CVE-2025-14423
all versions
GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers
7.8 HIGH
CVE-2025-14422
all versions
GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
7.8 HIGH
CVE-2025-10934
all versions
GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2025-10925
all versions
GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers
7.8 HIGH
CVE-2025-10924
all versions
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute a
7.8 HIGH
CVE-2025-10923
all versions
GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
7.8 HIGH
CVE-2025-10922
all versions
GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2025-10921
all versions
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2025-10920
all versions
GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exec
7.8 HIGH
CVE-2025-8672
>= 3.0.2
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted
7.8 HIGH
CVE-2025-6035
all versions
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unche
6.1 MEDIUM
CVE-2025-5473
< 3.0.4
GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
8.8 HIGH
CVE-2025-2761
all versions
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execu
7.8 HIGH
CVE-2025-2760
all versions
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
7.8 HIGH
CVE-2023-44444
< 2.10.36
GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitr
7.8 HIGH
CVE-2023-44443
< 2.10.36
GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute
7.8 HIGH
CVE-2023-44442
< 2.10.36
GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2023-44441
< 2.10.36
GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t
7.8 HIGH
CVE-2022-32990
all versions
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted
5.5 MEDIUM
CVE-2022-30067
all versions
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amoun
5.5 MEDIUM
CVE-2021-45463
< 2.10.30
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered.
7.8 HIGH
CVE-2018-12713
<= 2.10.2
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists
9.1 CRITICAL
CVE-2017-17789
all versions
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
7.8 HIGH
CVE-2017-17788
all versions
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after
5.5 MEDIUM
CVE-2017-17787
all versions
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
7.8 HIGH
CVE-2017-17786
all versions
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via
7.8 HIGH
CVE-2017-17785
all versions
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
7.8 HIGH
CVE-2017-17784
all versions
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, relat
7.8 HIGH
CVE-2016-4994
< 2.8.18
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denia
7.8 HIGH
CVE-2013-1978
<= 2.6.9
Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlie
CVE-2013-1913
<= 2.6.9
Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used
CVE-2012-5576
< 2.8.4
Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attackers to cau
CVE-2012-4245
>= 2.6.0 and <= 2.6.13
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary comman
CVE-2012-3481
<= 2.8.0
Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and ea
CVE-2012-3403
<= 2.8.0
Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial
CVE-2012-3402
<= 2.2.13
Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to
CVE-2012-3236
< 2.9.2
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application cras
CVE-2012-2763
<= 2.6.13
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.
CVE-2011-2896
<= 2.6.11
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read
CVE-2011-1782
all versions
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allow
CVE-2011-1178
<= 2.7.0
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x a
CVE-2010-4543
all versions
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allow
CVE-2010-4542
all versions
Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP
CVE-2010-4541
all versions
Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.
CVE-2010-4540
all versions
Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIG
CVE-2009-3909
all versions
Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to e
CVE-2009-1570
all versions
Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute a
CVE-2009-0733
< 2.9.2
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used
CVE-2009-0723
< 2.9.2
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, all
CVE-2009-0581
< 2.9.2
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dep
CVE-2007-3741
all versions
The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of se
CVE-2006-4519
< 2.2.16
Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbi
CVE-2007-2949
<= 2.2.15
Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execut
CVE-2007-3126
< 2.8.22
Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader cont
CVE-2007-2356
all versions
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted r
CVE-2006-3404
< 2.2.12
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cau
CVE-2005-0654
all versions
gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (applicat
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin