24 matches found
CVE-2025-71330 image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...
CVE-2025-71330
The CVE-2025-71330 issue affects image-size
PT-2026-48404
Name of the Vulnerable Software and Affected Versions image-size versions prior to 2.0.3 Description A denial of service issue exists where remote attackers can permanently block the Node.js event loop by providing a specially crafted ICNS image buffer. By supplying an ICNS buffer with valid magi...
CVE-2026-40917
A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...
RLSA-2026:4173 Important: gimp security update
The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:...
gimp security update
An update is available for gimp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The GIMP GNU Image Manipulation Program is an image composition and editing...
AlmaLinux 9 : gimp (ALSA-2026:4173)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4173 advisory. gimp: GIMP: Remote code execution via heap-based buffer overflow in ICNS file parsing CVE-2026-2047 gimp: GIMP: Remote Code Execution via uninitialized...
RockyLinux 9 : gimp (RLSA-2026:4173)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:4173 advisory. gimp: GIMP: Remote code execution via heap-based buffer overflow in ICNS file parsing CVE-2026-2047 gimp: GIMP: Remote Code Execution via uninitialized...
ALSA-2026:4173 Important: gimp security update
The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:...
DEBIAN-CVE-2026-2047
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...
CVE-2026-2047 GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...
CVE-2026-2047
The CVE-2026-2047 issue is a heap-based buffer overflow in GIMP’s ICNS file parsing that allows remote code execution. It stems from insufficient validation of the length of user-supplied data before copying to a heap buffer. Exploitation requires user interaction (target visits a malicious page ...
CVE-2026-2047
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...
Linux Distros Unpatched Vulnerability : CVE-2026-2047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. Th...
Alibaba Cloud Linux 3 : 0191: gimp:2.8 (ALINUX3-SA-2025:0191)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0191 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-10920: GIMP ICNS File Parsing...
TencentOS Server 3: gimp:2.8 (TSSA-2025:0937)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0937 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
AlmaLinux 9 : gimp (ALSA-2025:21968)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:21968 advisory. gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-10922 gimp: GIMP ICNS File Parsing Out-Of-Bounds Writ...
gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
A remote code execution RCE vulnerability exists in GIMP due to improper bounds checking during the parsing of ICNS image files. When a user opens a specially crafted ICNS file, it can trigger an out-of-bounds write, allowing attackers to execute arbitrary code within the context of the GIMP...
EUVD-2025-36718
GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...