PT-2022-6743 · Gnome+9 · Gimp+9

Published

2022-06-03

·

Updated

2025-07-02

·

CVE-2022-32990

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions GNOME GIMP version 2.10.30
Description The issue is related to the gimp layer invalidate boundary function, which allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). This can be exploited by a remote attacker using a specially designed XCF file, leading to a disruption in service.
Recommendations For GNOME GIMP version 2.10.30, consider disabling the gimp layer invalidate boundary function as a temporary workaround until a patch is available. Additionally, avoid using crafted XCF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-755

Related Identifiers

ALSA-2022:7978
ALT-PU-2022-2049
ALT-PU-2023-1087
ALT-PU-2024-15193
ALT-PU-2025-8344
BDU:2023-03848
CVE-2022-32990
MGASA-2022-0330
OPENSUSE-SU-2022_3106-1
OPENSUSE-SU-2022_3107-1
OPENSUSE-SU-2024:14534-1
RHSA-2022:7978
RHSA-2022_7978
RLSA-2022:7978
SUSE-SU-2022:2867-1
SUSE-SU-2022:3106-1
SUSE-SU-2022:3107-1
SUSE-SU-2022_2867-1
SUSE-SU-2022_3106-1
SUSE-SU-2022_3107-1
USN-6521-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Gimp
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu