Lucene search
K

334 matches found

RedhatCVE
RedhatCVE
added 2026/04/13 11:57 a.m.4 views

CVE-2026-4150

A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD Photoshop Document file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...

7.8CVSS7.4AI score0.00755EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/13 5:38 a.m.5 views

CVE-2026-4152

A flaw was found in GIMP. A remote attacker could exploit this by tricking a user into opening a specially crafted JP2 JPEG 2000 file. This flaw is due to a heap-based buffer overflow during JP2 file parsing, which allows for arbitrary code execution. Successful exploitation enables the attacker ...

7.8CVSS7.6AI score0.00744EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/11 3:30 a.m.6 views

EUVD-2026-21630

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.6AI score0.00755EPSS
Exploits0References3
NVD
NVD
added 2026/04/11 1:16 a.m.5 views

CVE-2026-4153

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS0.00651EPSS
Exploits0References16
EUVD
EUVD
added 2026/04/11 12:15 a.m.6 views

EUVD-2026-21633

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00744EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/11 12:15 a.m.4 views

CVE-2026-4152

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00744EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/11 12:15 a.m.19 views

CVE-2026-4151

CVE-2026-4151 is a remote code execution vulnerability in the GIMP ANI file parser caused by integer overflow during parsing of ANI files. The issue can allow arbitrary code execution in the context of the target process, with user interaction required (target must open a malicious ANI file/page)...

7.8CVSS7.6AI score0.00664EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.7 views

GIMP 输入验证错误漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a vulnerability related to input validation, which stems from integer overflow during the parsing of PSD files. This vulnerability may lead to remote code execution...

7.8CVSS7.5AI score0.00755EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.8 views

GIMP 输入验证错误漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a vulnerability related to input validation, which stems from integer overflow during the parsing of ANI files. This vulnerability may lead to remote code execution...

7.8CVSS7.5AI score0.00664EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 2:3 p.m.4 views

OESA-2026-1713 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

7.8CVSS7.2AI score0.00744EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/27 12:29 a.m.4 views

SUSE CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

6.1CVSS6AI score0.00634EPSS
Exploits1References7
OSV
OSV
added 2026/03/26 9:17 p.m.5 views

UBUNTU-CVE-2026-2272

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the icoreadinfo and icoreadicon functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized imag...

6.5CVSS6.1AI score0.00838EPSS
Exploits1References3
OSV
OSV
added 2026/03/26 9:17 p.m.4 views

UBUNTU-CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

6.5CVSS5.9AI score0.00485EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.7 views

CVE-2026-33161

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS5.7AI score0.00215EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 1:16 p.m.4 views

UBUNTU-CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

7.1CVSS5.9AI score0.00634EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:8 p.m.31 views

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

7.1CVSS6AI score0.00634EPSS
Exploits1References11
NVD
NVD
added 2026/03/24 6:16 p.m.3 views

CVE-2026-33161

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS0.00215EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:31 p.m.3 views

CVE-2026-33161

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS5.7AI score0.00215EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/24 5:31 p.m.24 views

CVE-2026-33161 Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS0.00215EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/24 5:31 p.m.4 views

CVE-2026-33161 Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, a low-privileged authenticated user can call assets/image-editor with the ID of a private asset they cannot view and still receive editor response dat...

5.3CVSS5.7AI score0.00215EPSS
Exploits0References4
Rows per page
Query Builder