Filtered by vendor Gnome
Subscriptions
Filtered by product Gimp
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-59089 | 2 Gnome, Redhat | 2 Gimp, Enterprise Linux | 2026-07-13 | 5.5 Medium |
| A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service. | ||||
| CVE-2026-58380 | 2 Gnome, Redhat | 2 Gimp, Enterprise Linux | 2026-07-06 | 7.3 High |
| A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution. | ||||
| CVE-2026-4887 | 3 Gimp, Gnome, Redhat | 9 Gimp, Gimp, Enterprise Linux and 6 more | 2026-06-16 | 6.1 Medium |
| A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS). | ||||
Page 1 of 1.