gimp: GIMP: Remote Code Execution via ANI File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI Animated Cursor file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of...

OESA-2026-1956 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

OESA-2026-1955 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

CVE-2026-4151

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI Animated Cursor file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of...

CVE-2026-4151

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

GIMP < 3.2.0 Multiple Vulnerabilities (macOS)

The version of GIMP installed on the remote macOS host is prior to 3.2.0. It is, therefore, affected by multiple vulnerabilities: - An integer overflow condition exists in PSD file parsing due to improper validation of user-supplied data. An unauthenticated, local attacker can exploit this, via a...

PT-2025-25660

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description A flaw was found in the handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10 the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

...

OESA-2024-2040 gdk-pixbuf2 security update

gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the...

gnome: heap memory corruption on gdk-pixbuf

A flaw was found in GNOME's GdkPixbuf library, a library used to load image data in various formats used by GDK for handling graphical assets. This issue occurs when loading a crafted ANI animated cursor file file, which may lead to a heap based out-of-bounds write, causing memory corruption. Whe...

gnome: heap memory corruption on gdk-pixbuf

A flaw was found in GNOME's GdkPixbuf library, a library used to load image data in various formats used by GDK for handling graphical assets. This issue occurs when loading a crafted ANI animated cursor file file, which may lead to a heap based out-of-bounds write, causing memory corruption. Whe...

SUSE CVE-2022-48622

In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or...

ALPINE-CVE-2022-48622

In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or...

CVE-2022-48622

CVE-2022-48622 affects GNOME GdkPixbuf (gdk-pixbuf2) through 2.42.10. The ANI decoder can heap-corrupt when parsing crafted .ani files (function ani_load_chunk in io-ani.c), with impact to denial of service or potential code execution. Affected advisories note fixes in newer gdk-pixbuf2 releases ...

Microsoft Windows GDI Multiple Vulnerabilities (925902)

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service persistent reboot via a large length value in the second or later anih block of a RIFF .ANI, cur, or .ico file, which...

Microsoft Animated Cursor .ANI Buffer Overflow

MS Animated Cursor .ANI BOF Perl Edition MS07-017 Discovered by Alex Sotirov from Determina,So all rights are reserved to him! Written by Jacky! This exploit is written in Perl , and it's the first MS07-017 exploit As i saw which be written in perl! THIS EXPLOIT IS FOR EDUCATIONAL PURPOSES ONLY !...

MS Internet Explorer .ANI files handling Downloader Exploit (MS05-002)

No description provided by source. / Modified by Vertygo aka Ivanm [email protected] all credits goes to houseofdabus Berend-Jan Wever and to milw0rm/ / Added string.h /str0ke / / HOD-ms05002-ani-expl.c: 2005-01-10: PUBLIC v.0.2 Copyright c 2004-2005 houseofdabus. MS05-002 Microsoft Internet Explore...

mswin-anim.txt

!/usr/bin/env python $Id: win32-loadaniicon.py 4 2007-06-02 00:47:59Z ramon $ Windows Animated Cursor Stack Overflow Exploit Copyright 2007 Ramon de Carvalho Valle , RISE Security This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public...

Microsoft Windows - Animated Cursor Stack Overflow

!/usr/bin/env python $Id: win32-loadaniicon.py 4 2007-06-02 00:47:59Z ramon $ Windows Animated Cursor Stack Overflow Exploit Copyright 2007 Ramon de Carvalho Valle , RISE Security This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public...

Microsoft Windows - Animated Cursor Stack Overflow

Microsoft Windows - Animated Cursor Stack Overflow !/usr/bin/env python $Id: win32-loadaniicon.py 4 2007-06-02 00:47:59Z ramon $ Windows Animated Cursor Stack Overflow Exploit Copyright 2007 Ramon de Carvalho Valle , RISE Security This program is free software; you can redistribute it and/or modi...