CVE-2016-4994

Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
gimpgimp
𝑥
< 2.8.18
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gimp
bookworm
2.10.34-1+deb12u2
fixed
bookworm (security)
2.10.34-1+deb12u1
fixed
bullseye
2.10.22-4+deb11u2
fixed
bullseye (security)
2.10.22-4+deb11u1
fixed
sid
2.10.38-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gimp
precise
Fixed 2.6.12-1ubuntu1.4
released
trusty
Fixed 2.8.10-0ubuntu1.1
released
wily
Fixed 2.8.14-1ubuntu2.1
released
xenial
Fixed 2.8.16-1ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gimp
suse enterprise desktop 12 SP1
2.8.10-7.8
fixed
suse enterprise desktop 12 SP2
2.8.18-4.7
fixed
suse enterprise desktop 12 SP3
2.8.18-8.1
fixed
suse enterprise desktop 12 SP4
2.8.18-9.3.26
fixed
suse enterprise desktop 15
2.8.22-3.42
fixed
suse enterprise desktop 15 SP1
2.8.22-3.42
fixed
suse enterprise desktop 15 SP2
2.10.12-1.100
fixed
suse enterprise desktop 15 SP3
2.10.12-7.25
fixed
suse enterprise desktop 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise sap 12 SP1
2.8.10-7.8
fixed
suse enterprise sap 12 SP2
2.8.18-4.7
fixed
suse enterprise sap 12 SP3
2.8.18-8.1
fixed
suse enterprise sap 12 SP4
2.8.18-9.3.26
fixed
suse enterprise sap 12 SP5
2.8.18-9.3.26
fixed
suse enterprise sap 15
2.8.22-3.42
fixed
suse enterprise sap 15 SP1
2.8.22-3.42
fixed
suse enterprise sap 15 SP2
2.10.12-1.100
fixed
suse enterprise sap 15 SP3
2.10.12-7.25
fixed
suse enterprise sap 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise server 12 SP1
2.8.10-7.8
fixed
suse enterprise server 12 SP2
2.8.18-4.7
fixed
suse enterprise server 12 SP3
2.8.18-8.1
fixed
suse enterprise server 12 SP4
2.8.18-9.3.26
fixed
suse enterprise server 12 SP5
2.8.18-9.3.26
fixed
suse enterprise server 15
2.8.22-3.42
fixed
suse enterprise server 15 SP1
2.8.22-3.42
fixed
suse enterprise server 15 SP2
2.10.12-1.100
fixed
suse enterprise server 15 SP3
2.10.12-7.25
fixed
suse enterprise server 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise workstation 12 SP1
2.8.10-7.8
fixed
suse enterprise workstation 12 SP2
2.8.18-4.7
fixed
suse enterprise workstation 12 SP3
2.8.18-8.1
fixed
suse enterprise workstation 12 SP4
2.8.18-9.3.26
fixed
suse enterprise workstation 12 SP5
2.8.18-9.3.26
fixed
suse enterprise workstation 15
2.8.22-3.42
fixed
suse enterprise workstation 15 SP1
2.8.22-3.42
fixed
suse enterprise workstation 15 SP2
2.10.12-1.100
fixed
suse enterprise workstation 15 SP3
2.10.12-7.25
fixed
suse enterprise workstation 15 SP4
2.10.30-150400.1.10
fixed
gimp-devel
suse enterprise desktop 15
2.8.22-3.42
fixed
suse enterprise desktop 15 SP1
2.8.22-3.42
fixed
suse enterprise desktop 15 SP2
2.10.12-1.100
fixed
suse enterprise desktop 15 SP3
2.10.12-7.25
fixed
suse enterprise desktop 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise sap 15
2.8.22-3.42
fixed
suse enterprise sap 15 SP1
2.8.22-3.42
fixed
suse enterprise sap 15 SP2
2.10.12-1.100
fixed
suse enterprise sap 15 SP3
2.10.12-7.25
fixed
suse enterprise sap 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise server 15
2.8.22-3.42
fixed
suse enterprise server 15 SP1
2.8.22-3.42
fixed
suse enterprise server 15 SP2
2.10.12-1.100
fixed
suse enterprise server 15 SP3
2.10.12-7.25
fixed
suse enterprise server 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise workstation 15
2.8.22-3.42
fixed
suse enterprise workstation 15 SP1
2.8.22-3.42
fixed
suse enterprise workstation 15 SP2
2.10.12-1.100
fixed
suse enterprise workstation 15 SP3
2.10.12-7.25
fixed
suse enterprise workstation 15 SP4
2.10.30-150400.1.10
fixed
gimp-lang
suse enterprise desktop 12 SP1
2.8.10-7.8
fixed
suse enterprise desktop 12 SP2
2.8.18-4.7
fixed
suse enterprise desktop 12 SP3
2.8.18-8.1
fixed
suse enterprise desktop 12 SP4
2.8.18-9.3.26
fixed
suse enterprise desktop 15
2.8.22-3.42
fixed
suse enterprise desktop 15 SP1
2.8.22-3.42
fixed
suse enterprise desktop 15 SP2
2.10.12-1.100
fixed
suse enterprise desktop 15 SP3
2.10.12-7.25
fixed
suse enterprise desktop 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise sap 12 SP1
2.8.10-7.8
fixed
suse enterprise sap 12 SP2
2.8.18-4.7
fixed
suse enterprise sap 12 SP3
2.8.18-8.1
fixed
suse enterprise sap 12 SP4
2.8.18-9.3.26
fixed
suse enterprise sap 12 SP5
2.8.18-9.3.26
fixed
suse enterprise sap 15
2.8.22-3.42
fixed
suse enterprise sap 15 SP1
2.8.22-3.42
fixed
suse enterprise sap 15 SP2
2.10.12-1.100
fixed
suse enterprise sap 15 SP3
2.10.12-7.25
fixed
suse enterprise sap 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise server 12 SP1
2.8.10-7.8
fixed
suse enterprise server 12 SP2
2.8.18-4.7
fixed
suse enterprise server 12 SP3
2.8.18-8.1
fixed
suse enterprise server 12 SP4
2.8.18-9.3.26
fixed
suse enterprise server 12 SP5
2.8.18-9.3.26
fixed
suse enterprise server 15
2.8.22-3.42
fixed
suse enterprise server 15 SP1
2.8.22-3.42
fixed
suse enterprise server 15 SP2
2.10.12-1.100
fixed
suse enterprise server 15 SP3
2.10.12-7.25
fixed
suse enterprise server 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise workstation 12 SP1
2.8.10-7.8
fixed
suse enterprise workstation 12 SP2
2.8.18-4.7
fixed
suse enterprise workstation 12 SP3
2.8.18-8.1
fixed
suse enterprise workstation 12 SP4
2.8.18-9.3.26
fixed
suse enterprise workstation 12 SP5
2.8.18-9.3.26
fixed
suse enterprise workstation 15
2.8.22-3.42
fixed
suse enterprise workstation 15 SP1
2.8.22-3.42
fixed
suse enterprise workstation 15 SP2
2.10.12-1.100
fixed
suse enterprise workstation 15 SP3
2.10.12-7.25
fixed
suse enterprise workstation 15 SP4
2.10.30-150400.1.10
fixed
gimp-plugins-python
suse enterprise desktop 12 SP1
2.8.10-7.8
fixed
suse enterprise desktop 12 SP2
2.8.18-4.7
fixed
suse enterprise desktop 12 SP3
2.8.18-8.1
fixed
suse enterprise desktop 12 SP4
2.8.18-9.3.26
fixed
suse enterprise desktop 15
2.8.22-3.42
fixed
suse enterprise desktop 15 SP1
2.8.22-3.42
fixed
suse enterprise desktop 15 SP2
2.10.12-1.100
fixed
suse enterprise desktop 15 SP3
2.10.12-3.3.7
fixed
suse enterprise sap 12 SP1
2.8.10-7.8
fixed
suse enterprise sap 12 SP2
2.8.18-4.7
fixed
suse enterprise sap 12 SP3
2.8.18-8.1
fixed
suse enterprise sap 12 SP4
2.8.18-9.3.26
fixed
suse enterprise sap 12 SP5
2.8.18-9.3.26
fixed
suse enterprise sap 15
2.8.22-3.42
fixed
suse enterprise sap 15 SP1
2.8.22-3.42
fixed
suse enterprise sap 15 SP2
2.10.12-1.100
fixed
suse enterprise sap 15 SP3
2.10.12-3.3.7
fixed
suse enterprise server 12 SP1
2.8.10-7.8
fixed
suse enterprise server 12 SP2
2.8.18-4.7
fixed
suse enterprise server 12 SP3
2.8.18-8.1
fixed
suse enterprise server 12 SP4
2.8.18-9.3.26
fixed
suse enterprise server 12 SP5
2.8.18-9.3.26
fixed
suse enterprise server 15
2.8.22-3.42
fixed
suse enterprise server 15 SP1
2.8.22-3.42
fixed
suse enterprise server 15 SP2
2.10.12-1.100
fixed
suse enterprise server 15 SP3
2.10.12-3.3.7
fixed
suse enterprise workstation 12 SP1
2.8.10-7.8
fixed
suse enterprise workstation 12 SP2
2.8.18-4.7
fixed
suse enterprise workstation 12 SP3
2.8.18-8.1
fixed
suse enterprise workstation 12 SP4
2.8.18-9.3.26
fixed
suse enterprise workstation 12 SP5
2.8.18-9.3.26
fixed
suse enterprise workstation 15
2.8.22-3.42
fixed
suse enterprise workstation 15 SP1
2.8.22-3.42
fixed
suse enterprise workstation 15 SP2
2.10.12-1.100
fixed
suse enterprise workstation 15 SP3
2.10.12-3.3.7
fixed
libgimp-2_0-0
suse enterprise desktop 12 SP1
2.8.10-7.8
fixed
suse enterprise desktop 12 SP2
2.8.18-4.7
fixed
suse enterprise desktop 12 SP3
2.8.18-8.1
fixed
suse enterprise desktop 12 SP4
2.8.18-9.3.26
fixed
suse enterprise desktop 15
2.8.22-3.42
fixed
suse enterprise desktop 15 SP1
2.8.22-3.42
fixed
suse enterprise desktop 15 SP2
2.10.12-1.100
fixed
suse enterprise desktop 15 SP3
2.10.12-7.25
fixed
suse enterprise desktop 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise sap 12 SP1
2.8.10-7.8
fixed
suse enterprise sap 12 SP2
2.8.18-4.7
fixed
suse enterprise sap 12 SP3
2.8.18-8.1
fixed
suse enterprise sap 12 SP4
2.8.18-9.3.26
fixed
suse enterprise sap 12 SP5
2.8.18-9.3.26
fixed
suse enterprise sap 15
2.8.22-3.42
fixed
suse enterprise sap 15 SP1
2.8.22-3.42
fixed
suse enterprise sap 15 SP2
2.10.12-1.100
fixed
suse enterprise sap 15 SP3
2.10.12-7.25
fixed
suse enterprise sap 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise server 12 SP1
2.8.10-7.8
fixed
suse enterprise server 12 SP2
2.8.18-4.7
fixed
suse enterprise server 12 SP3
2.8.18-8.1
fixed
suse enterprise server 12 SP4
2.8.18-9.3.26
fixed
suse enterprise server 12 SP5
2.8.18-9.3.26
fixed
suse enterprise server 15
2.8.22-3.42
fixed
suse enterprise server 15 SP1
2.8.22-3.42
fixed
suse enterprise server 15 SP2
2.10.12-1.100
fixed
suse enterprise server 15 SP3
2.10.12-7.25
fixed
suse enterprise server 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise workstation 12 SP1
2.8.10-7.8
fixed
suse enterprise workstation 12 SP2
2.8.18-4.7
fixed
suse enterprise workstation 12 SP3
2.8.18-8.1
fixed
suse enterprise workstation 12 SP4
2.8.18-9.3.26
fixed
suse enterprise workstation 12 SP5
2.8.18-9.3.26
fixed
suse enterprise workstation 15
2.8.22-3.42
fixed
suse enterprise workstation 15 SP1
2.8.22-3.42
fixed
suse enterprise workstation 15 SP2
2.10.12-1.100
fixed
suse enterprise workstation 15 SP3
2.10.12-7.25
fixed
suse enterprise workstation 15 SP4
2.10.30-150400.1.10
fixed
libgimpui-2_0-0
suse enterprise desktop 12 SP1
2.8.10-7.8
fixed
suse enterprise desktop 12 SP2
2.8.18-4.7
fixed
suse enterprise desktop 12 SP3
2.8.18-8.1
fixed
suse enterprise desktop 12 SP4
2.8.18-9.3.26
fixed
suse enterprise desktop 15
2.8.22-3.42
fixed
suse enterprise desktop 15 SP1
2.8.22-3.42
fixed
suse enterprise desktop 15 SP2
2.10.12-1.100
fixed
suse enterprise desktop 15 SP3
2.10.12-7.25
fixed
suse enterprise desktop 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise sap 12 SP1
2.8.10-7.8
fixed
suse enterprise sap 12 SP2
2.8.18-4.7
fixed
suse enterprise sap 12 SP3
2.8.18-8.1
fixed
suse enterprise sap 12 SP4
2.8.18-9.3.26
fixed
suse enterprise sap 12 SP5
2.8.18-9.3.26
fixed
suse enterprise sap 15
2.8.22-3.42
fixed
suse enterprise sap 15 SP1
2.8.22-3.42
fixed
suse enterprise sap 15 SP2
2.10.12-1.100
fixed
suse enterprise sap 15 SP3
2.10.12-7.25
fixed
suse enterprise sap 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise server 12 SP1
2.8.10-7.8
fixed
suse enterprise server 12 SP2
2.8.18-4.7
fixed
suse enterprise server 12 SP3
2.8.18-8.1
fixed
suse enterprise server 12 SP4
2.8.18-9.3.26
fixed
suse enterprise server 12 SP5
2.8.18-9.3.26
fixed
suse enterprise server 15
2.8.22-3.42
fixed
suse enterprise server 15 SP1
2.8.22-3.42
fixed
suse enterprise server 15 SP2
2.10.12-1.100
fixed
suse enterprise server 15 SP3
2.10.12-7.25
fixed
suse enterprise server 15 SP4
2.10.30-150400.1.10
fixed
suse enterprise workstation 12 SP1
2.8.10-7.8
fixed
suse enterprise workstation 12 SP2
2.8.18-4.7
fixed
suse enterprise workstation 12 SP3
2.8.18-8.1
fixed
suse enterprise workstation 12 SP4
2.8.18-9.3.26
fixed
suse enterprise workstation 12 SP5
2.8.18-9.3.26
fixed
suse enterprise workstation 15
2.8.22-3.42
fixed
suse enterprise workstation 15 SP1
2.8.22-3.42
fixed
suse enterprise workstation 15 SP2
2.10.12-1.100
fixed
suse enterprise workstation 15 SP3
2.10.12-7.25
fixed
suse enterprise workstation 15 SP4
2.10.30-150400.1.10
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gimp
RHEL 7
2:2.8.16-3.el7
fixed
gimp-devel
RHEL 7
2:2.8.16-3.el7
fixed
gimp-devel-tools
RHEL 7
2:2.8.16-3.el7
fixed
gimp-help
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-ca
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-da
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-de
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-el
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-en
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-es
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-fr
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-it
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-ja
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-ko
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-nl
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-nn
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-pt
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-ru
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-sl
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-sv
RHEL 7
0:2.8.2-1.el7
fixed
gimp-help-zh
RHEL 7
0:2.8.2-1.el7
fixed
gimp-libs
RHEL 7
2:2.8.16-3.el7
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-07/msg00005.html
http://rhn.redhat.com/errata/RHSA-2016-2589.html
http://www.debian.org/security/2016/dsa-3612
http://www.securityfocus.com/bid/91425
http://www.securitytracker.com/id/1036226
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.431987
http://www.ubuntu.com/usn/USN-3025-1
https://bugzilla.gnome.org/show_bug.cgi?id=767873
https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f
http://lists.opensuse.org/opensuse-updates/2016-07/msg00005.html
http://rhn.redhat.com/errata/RHSA-2016-2589.html
http://www.debian.org/security/2016/dsa-3612
http://www.securityfocus.com/bid/91425
http://www.securitytracker.com/id/1036226
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.431987
http://www.ubuntu.com/usn/USN-3025-1
https://bugzilla.gnome.org/show_bug.cgi?id=767873
https://git.gnome.org/browse/gimp/commit/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f