Skip to main content

Gimp CVE-2013-1978

MEDIUM
Out-of-bounds Write (CWE-787)
2013-12-12 secalert@redhat.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 12, 2013 - 18:55 cve.org
MEDIUM 6.8

DescriptionCVE.org

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.

AnalysisAI

Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries. Affected products include: Gimp, Redhat Enterprise Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Gimp

View all
CVE-2012-2763 HIGH POC
7.5 Jul 12

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and p

CVE-2012-5576 HIGH POC
7.5 Dec 18

Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attack

CVE-2017-17789 HIGH POC
7.8 Dec 20

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. Rated high sev

CVE-2012-3236 MEDIUM POC
4.3 Jul 12

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and applic

CVE-2022-32990 MEDIUM POC
5.5 Jun 24

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via

CVE-2022-30067 MEDIUM POC
5.5 May 17

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no a

CVE-2018-12713 CRITICAL
9.1 Jun 24

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that alre

CVE-2025-5473 HIGH
8.8 Jun 06

Critical remote code execution vulnerability in GIMP's ICO file parser caused by an integer overflow (CWE-190) that lack

CVE-2026-2044 HIGH
8.8 Feb 20

Remote code execution in GIMP 3.0.6 allows attackers to run arbitrary code by tricking a user into opening a malicious P

CVE-2026-0797 HIGH
8.8 Feb 20

Remote code execution in GIMP 3.2.0-rc1 lets attackers run arbitrary code by tricking a user into opening a malicious IC

CVE-2016-4994 HIGH
7.8 Jul 12

Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cau

CVE-2026-2050 HIGH
7.8 Jun 24

Arbitrary code execution in GIMP results from a heap-based buffer overflow in the HDR file parser, where attacker-contro

Share

CVE-2013-1978 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy