GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.
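The bug class described above, shown as an added example in plain POSIX C; it is not GIMP's code and does not use GLib. The function names, the scratch directory and the file name `test.xcf` are constructed for illustration. It contrasts a fixed name under the temporary directory with exclusive creation and with `mkstemp()`.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Risky: fixed name in a shared directory; an existing file is reused and truncated. */
int open_fixed(const char *dir, const char *name) {
    char p[4096];
    snprintf(p, sizeof p, "%s/%s", dir, name);
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}
/* Safer: same name, but fail with EEXIST if a file or symlink is already there. */
int open_fixed_excl(const char *dir, const char *name) {
    char p[4096];
    snprintf(p, sizeof p, "%s/%s", dir, name);
    return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
}
/* Preferred: mkstemp() picks the name and creates it exclusively with mode 0600. */
int open_unique(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/demo-XXXXXX", dir);
    return mkstemp(path);
}
/* Demo in a private scratch dir: 1 = fixed name truncated old data, 2 = O_EXCL refused, 4 = mkstemp file is 0600. */
int demo(void) {
    const char *tmp = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char dir[4096], existing[4200], uniq[4200];
    struct stat st;
    int r = 0, fd;
    snprintf(dir, sizeof dir, "%s/tmpdemo-XXXXXX", tmp);
    if (!mkdtemp(dir)) return -1;
    snprintf(existing, sizeof existing, "%s/test.xcf", dir);  /* constructed file name */
    fd = open(existing, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "private", 7) != 7) return -1;
    close(fd);
    fd = open_fixed_excl(dir, "test.xcf");
    if (fd < 0 && errno == EEXIST) r |= 2;
    if (fd >= 0) close(fd);
    fd = open_fixed(dir, "test.xcf");
    if (fd >= 0 && fstat(fd, &st) == 0 && st.st_size == 0) r |= 1;
    if (fd >= 0) close(fd);
    fd = open_unique(dir, uniq, sizeof uniq);
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600) r |= 4;
    if (fd >= 0) { close(fd); unlink(uniq); }
    unlink(existing);
    rmdir(dir);
    return r;
}
int main(void) { printf("mask = %d\n", demo()); return 0; }
```

In GLib-based code, `g_file_open_tmp()` and `g_mkstemp()` provide the same exclusive, unique-name creation as the last variant.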
| CPE | Name | Operator | Version |
|---|---|---|---|
| | gimp | eq | GIMP_0_99_17 |
| | gimp | eq | GIMP_1_1_14 |
| | gimp | eq | GIMP_1_3_2 |
| | gimp | eq | GIMP_1_1_21 |
| | gimp | eq | TINY_FU_0_9_4 |
| | gimp | eq | TINY_FU_0_9_5 |
| | gimp | eq | GIMP_0_99_16 |
| | gimp | eq | release-2-3-0 |
| | gimp | eq | GIMP_0_99_23 |
| | gimp | eq | GIMP_2_5_2 |