29 matches found

SUSE CVE
added 2026/04/16 11:27 p.m., 4 views

SUSE CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

7.1 CVSS | 5.9 AI score | 0.00012 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/04/15 9:30 p.m., 2 views

EUVD-2026-23024

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

5 CVSS | 5.9 AI score | 0.00012 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/15 6:59 p.m., 2 views

CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

5 CVSS | 5.9 AI score | 0.00012 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/15 12:00 a.m., 4 views

GIMP security vulnerability

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from excessive heap buffer reading in the icnsslurp function. This vulnerability may cause the application to crash or lead to information leaks when processing specially crafted...

7.1 CVSS | 5.9 AI score | 0.00012 EPSS
Exploits: 0 | References: 2
OSV
added 2026/03/26 9:17 p.m., 1 view

UBUNTU-CVE-2026-2272

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the icoreadinfo and icoreadicon functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized imag...

6.5 CVSS | 6.1 AI score | 0.00033 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/10 5:14 p.m., 1 view

USN-8082-1 gimp vulnerabilities

Michael Randrianantenaina discovered that GIMP incorrectly handled certain malformed ICO files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2025-5473) Seungho Kim discovered that GIMP incorrectly handled certain memory operations when running the...

8.8 CVSS | 6 AI score | 0.01642 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/02/10 12:00 a.m., 2 views

GIMP security vulnerability

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from integer overflow during the processing of ICO files, potentially leading to memory corruption...

6.5 CVSS | 7.2 AI score | 0.00033 EPSS
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/18 12:00 a.m., 3 views

PT-2025-47285

Name of the Vulnerable Software and Affected Versions: Enable SVG, WebP, and ICO Upload plugin for WordPress versions up to and including 1.1.2. Description: The Enable SVG, WebP, and ICO Upload plugin for WordPress is susceptible to arbitrary file upload due to insufficient file type validation whe...

8.8 CVSS | 7.5 AI score | 0.0008 EPSS
Exploits: 0 | References: 7
Redos
added 2025/09/24 12:00 a.m., 3 views

ROS-20250924-07

A vulnerability in the GIMP graphics editor is related to an integer overflow when analyzing ICO files. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...

8.8 CVSS | 8.1 AI score | 0.01642 EPSS
Exploits: 0
Packet Storm News
added 2025/07/11 12:00 a.m., 2 views

Favicon Trojans: Executable Steganography Via Ico Alpha Channel Exploitation

This paper presents a novel method of executable steganography using the alpha transparency layer of ICO image files to embed and deliver self-decompressing JavaScript payloads within web browsers. By targeting the least significant bit (LSB) of non-transparent alpha layer image values, the propose...

7.4 AI score
Exploits: 0
CNNVD
added 2023/12/04 12:00 a.m., 2 views

WordPress plugin Uploading SVG, WEBP and ICO files security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1 CVSS | 6.2 AI score | 0.07298 EPSS
Exploits: 2 | References: 1
Tenable Nessus
added 2023/10/20 12:00 a.m., 14 views

Ubuntu 16.04 ESM / 18.04 ESM : Cinnamon vulnerability (USN-4844-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4844-1 advisory. Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could...

8.1 CVSS | 7.9 AI score | 0.00271 EPSS
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 5:54 a.m., 4 views

SUSE CVE-2011-0727

GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/...

6.9 CVSS | 6.7 AI score | 0.00064 EPSS
Exploits: 0 | References: 4
OSV
added 2022/08/23 4:15 p.m., 1 view

CVE-2022-34648

Authenticated author+ Stored Cross-Site Scripting XSS vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin = 1.0.1 at WordPress...

5.4 CVSS | 5.8 AI score
Exploits: 0 | References: 2
Zero Day Initiative
added 2019/07/22 12:00 a.m., 10 views

(0Day) Microsoft Windows ole32 OleCreateFontIndirectExt Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3 CVSS | 2.8 AI score
Exploits: 0
CNVD
added 2018/07/04 12:00 a.m., 3 views

Cinnamon Design Vulnerability

Cinnamon is an open source desktop environment for Linux. A security vulnerability exists in Cinnamon versions 1.9.2 through 3.8.6, which originates from the cinnamon-settings-users.py GUI that can be run with root privileges and configure other users' icon files. The vulnerability can be exploit...

8.1 CVSS | 7.9 AI score | 0.00271 EPSS
Exploits: 0 | References: 1
OSV
added 2018/07/02 2:29 p.m., 1 view

DEBIAN-CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of, for example, other users' icon files in onfacebrowsemenuitemactivated and onfacemenuitemactivated. These icon files are written to the respective user's $HOME/.face...

8.1 CVSS | 7.1 AI score | 0.00271 EPSS
Exploits: 0 | References: 1
OSV
added 2018/07/02 2:29 p.m., 12 views

CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of, for example, other users' icon files in onfacebrowsemenuitemactivated and onfacemenuitemactivated. These icon files are written to the respective user's $HOME/.face...

8.1 CVSS | 7.2 AI score
Exploits: 0 | References: 3
OSV
added 2018/07/02 2:29 p.m., 1 view

UBUNTU-CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of, for example, other users' icon files in onfacebrowsemenuitemactivated and onfacemenuitemactivated. These icon files are written to the respective user's $HOME/.face...

8.1 CVSS | 7.3 AI score | 0.00271 EPSS
Exploits: 0 | References: 6
CVE
added 2018/07/02 2:00 p.m., 57 views

CVE-2018-13054

CVE-2018-13054 affects Cinnamon 1.9.2–3.8.6 where cinnamon-settings-users.py runs as root and can overwrite any user’s ~/.face via symlink pointing to an arbitrary location, enabling a possible privilege escalation. Connected advisories (openSUSE, Fedora, SUSE, Mageia, Ubuntu) report a fix for th...

8.1 CVSS | 7.8 AI score | 0.00271 EPSS
Exploits: 0 | References: 3 | Affected Software: 1