Debian Gimp vulnerabilities
66 known vulnerabilities affecting debian/gimp.
Total CVEs: 66
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 24, MEDIUM 14, LOW 27
Vulnerabilities
Page 1 of 4
CVE-2026-2044 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u9 (bookworm) | 2026
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files.

CVE-2026-2048 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u9 (bookworm) | 2026
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files.

CVE-2026-2045 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u9 (bookworm) | 2026
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files.

CVE-2026-0797 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u9 (bookworm) | 2026
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO

CVE-2026-2272 | MEDIUM | CVSS 4.3 | fixed in gimp 2.10.34-1+deb12u8 (bookworm) | 2026
A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could explo

CVE-2026-2047 | LOW | CVSS 7.8 | fixed in gimp 3.2.0~RC3-1 (forky) | 2026
CVE-2026-2047 [HIGH] CVE-2026-2047: gimp - GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerab...
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICN

CVE-2026-4887 | LOW | CVSS 6.1 | fixed in gimp 3.2.0-1 (forky) | 2026
CVE-2026-4887 [MEDIUM] CVE-2026-4887: gimp - A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file...
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
Scope: local

CVE-2026-2239 | LOW | CVSS 2.8 | fixed in gimp 2.10.34-1+deb12u8 (bookworm) | 2026
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerabi

CVE-2026-2046 | LOW | fixed in gimp 3.2.0-1 (forky) | 2026
bookworm: open
bullseye: open
forky: resolved (fixed in 3.2.0-1)
sid: resolved (fixed in 3.2.0-1)
trixie: open

CVE-2026-2271 | LOW | CVSS 3.3 | fixed in gimp 2.10.34-1+deb12u8 (bookworm) | 2026
A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out

CVE-2025-2761 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u3 (bookworm) | 2025
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files.

CVE-2025-48797 | HIGH | CVSS 7.3 | fixed in gimp 2.10.34-1+deb12u3 (bookworm) | 2025
A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
Scope: local
bookworm: resolved (fixed in 2.10.34-1+deb12u3)
bullseye: resolved (fixed in 2.10

CVE-2025-2760 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u4 (bookworm) | 2025
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The

CVE-2025-14425 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u6 (bookworm) | 2025
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP

CVE-2025-5473 | HIGH | CVSS 8.8 | fixed in gimp 2.10.34-1+deb12u3 (bookworm) | 2025
GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The

CVE-2025-14422 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u6 (bookworm) | 2025
GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. T

CVE-2025-10934 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u5 (bookworm) | 2025
GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XW

CVE-2025-15059 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u7 (bookworm) | 2025
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PS

CVE-2025-48798 | HIGH | CVSS 7.3 | fixed in gimp 2.10.34-1+deb12u3 (bookworm) | 2025
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
Scope: local
bookworm: resolved (fixed in 2.10.34-1+deb12u3)
bullseye: resolved (fixed in 2.10.22-4+deb

CVE-2025-10922 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u4 (bookworm) | 2025
GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DC