{"id":"DEBIAN-CVE-2013-1978","details":"Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.","modified":"2026-04-28T20:12:29.814932Z","published":"2013-12-12T18:55:10.757Z","upstream":["CVE-2013-1978"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2013-1978"}],"affected":[{"package":{"name":"gimp","ecosystem":"Debian:11","purl":"pkg:deb/debian/gimp?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.10-0.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-1978.json"}},{"package":{"name":"gimp","ecosystem":"Debian:12","purl":"pkg:deb/debian/gimp?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.10-0.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-1978.json"}},{"package":{"name":"gimp","ecosystem":"Debian:13","purl":"pkg:deb/debian/gimp?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.10-0.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-1978.json"}},{"package":{"name":"gimp","ecosystem":"Debian:14","purl":"pkg:deb/debian/gimp?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.10-0.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-1978.json"}}],"schema_version":"1.7.5"}