First published: Tue May 17 2022
GIMP 2.10.30 and 2.99.10 are vulnerable to a buffer overflow. Through a crafted XCF file, the program will allocate a huge amount of memory, resulting in insufficient memory or a program crash.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GIMP GIMP | =2.10.30 | |
GIMP GIMP | =2.99.10 | |
ubuntu/gimp | <2.10.32-1 | 2.10.32-1 |
ubuntu/gimp | <2.10.18-1ubuntu0.1 | 2.10.18-1ubuntu0.1 |
ubuntu/gimp | <2.10.30-1ubuntu0.1 | 2.10.30-1ubuntu0.1 |
debian/gimp | 2.10.8-2+deb10u1 2.10.34-1+deb12u2 2.10.34-1+deb12u1 2.10.36-2 2.10.36-3 | |
CVE-2022-30067 is a vulnerability that affects GIMP versions 2.10.30 and 2.99.10, where a crafted XCF file can cause a buffer overflow leading to insufficient memory or program crash.
CVE-2022-30067 has a severity rating of medium, with a CVSS score of 5.5.
CVE-2022-30067 affects GIMP versions 2.10.30 and 2.99.10, causing a buffer overflow when processing a specially crafted XCF file.
The impact of CVE-2022-30067 is the allocation of a large amount of memory, leading to insufficient memory or a program crash.
Upgrading to a patched version of GIMP is recommended to fix CVE-2022-30067.