CVE-2016-4994
Description
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.639
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Upgrade gimp 2.8.16 to latest version | Windows |
| Vulnerabilities CVE-2016-4994 are affected in GIMP 2.8.16 | Windows |
| The GNU Image Manipulation Program (USN-1559-1) gimp_2.6.12-1ubuntu1.4_i386.deb | Linux |
| The GNU Image Manipulation Program (USN-1559-1) gimp_2.6.12-1ubuntu1.4_amd64.deb | Linux |
| gimp security update(DSA-3612-1) gimp_2.8.14-1+deb8u1_i386.deb | Linux |
| gimp security update(DSA-3612-1) gimp_2.8.14-1+deb8u1_amd64.deb | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) gimp-2.8.10-7.8.x86_64.rpm | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) gimp-debuginfo-2.8.10-7.8.x86_64.rpm | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) gimp-debugsource-2.8.10-7.8.x86_64.rpm | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) gimp-lang-2.8.10-7.8.noarch.rpm | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) gimp-plugins-python-2.8.10-7.8.x86_64.rpm | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) gimp-plugins-python-debuginfo-2.8.10-7.8.x86_64.rpm | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgimp-2_0-0-2.8.10-7.8.x86_64.rpm | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgimp-2_0-0-debuginfo-2.8.10-7.8.x86_64.rpm | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgimpui-2_0-0-2.8.10-7.8.x86_64.rpm | Linux |
| SUSE-SU-2016:1962-1(SUSE Linux Enterprise Desktop 12-SP1 ) libgimpui-2_0-0-debuginfo-2.8.10-7.8.x86_64.rpm | Linux |
| (RHSA-2016:2589)Moderate: security, bug fix, and enhancement update gimp-debuginfo-2.8.16-3.el7.i686.rpm | Linux |
| (RHSA-2016:2589)Moderate: security, bug fix, and enhancement update gimp-debuginfo-2.8.16-3.el7.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-338143 | GIMP (2.10.38) |
| PATCH-338143 | GIMP (2.10.38) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234