PT-2022-6739 · Gimp+9 · Gimp+9

Published

2022-04-25

Updated

2026-01-02

CVE-2022-30067

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions GIMP versions 2.10.30 through 2.10.30 GIMP version 2.99.10

Description The issue is related to a buffer overflow vulnerability. It can be exploited by a remote attacker using a specially crafted XCF file, which causes the program to allocate a huge amount of memory. This results in insufficient memory or a program crash. The vulnerability is associated with the lack of input validation when copying a buffer.

Recommendations For GIMP version 2.10.30, consider disabling the handling of XCF files until a patch is available. For GIMP version 2.99.10, restrict access to the XCF file processing module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2022:7978

ALT-PU-2022-2049

ALT-PU-2023-1087

ALT-PU-2024-15193

ALT-PU-2025-8344

BDU:2023-03844

CVE-2022-30067

DLA-3659-1

DLA-4431-1

MGASA-2022-0219

OPENSUSE-SU-2022_2063-1

OPENSUSE-SU-2022_2619-1

OPENSUSE-SU-2022_2620-1

OPENSUSE-SU-2024:12092-1

RHSA-2022:7978

RHSA-2022_7978

RLSA-2022:7978

SUSE-SU-2022:1889-1

SUSE-SU-2022:2063-1

SUSE-SU-2022:2619-1

SUSE-SU-2022:2620-1

SUSE-SU-2022_1889-1

SUSE-SU-2022_2063-1

SUSE-SU-2022_2619-1

USN-6521-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Debian

Gimp

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2022-6739 · Gimp+9 · Gimp+9

CVE-2022-30067

Weakness Enumeration

Related Identifiers

Affected Products

References · 58