#VU66706 Improper Handling of Exceptional Conditions in Gimp - CVE-2022-32990

Cybersecurity Help s.r.o.

Published: 2022-08-23

Vulnerability identifier: #VU66706

Vulnerability risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-32990

CWE-ID: CWE-755

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Gimp
Client/Desktop applications / Multimedia software

Vendor: Gimp Team

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unhandled exception within the gimp_layer_invalidate_boundary() function. A remote attacker can trick the victim to open a specially crafted XCF file and crash the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Gimp: 2.10.0 - 2.10.30

External links
https://gitlab.gnome.org/GNOME/gimp/-/issues/8230

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for GIMP

Ubuntu update for gimp

Red Hat Enterprise Linux 9 update for gimp

Multiple vulnerabilities in Oracle Linux

SUSE update for gimp

Multiple vulnerabilities in Gimp