Debian Gimp vulnerabilities
66 known vulnerabilities affecting debian/gimp.
Total CVEs: 66
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 24, MEDIUM 14, LOW 27
Vulnerabilities
Page 2 of 4
CVE-2025-6035 | MEDIUM | CVSS 6.1 | fixed in gimp 2.10.34-1+deb12u4 (bookworm) | 2025
CVE-2025-6035 [MEDIUM]: gimp
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a po
debian
CVE-2025-10920 | LOW | CVSS 7.8 | fixed in gimp 3.0.4-6.1 (forky) | 2025
CVE-2025-10920 [HIGH]: gimp
GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS fil
debian
CVE-2025-10924 | LOW | CVSS 7.8 | fixed in gimp 3.0.4-6.1 (forky) | 2025
CVE-2025-10924 [HIGH]: gimp
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FF files. The
debian
CVE-2025-10923 | LOW | CVSS 7.8 | fixed in gimp 3.0.4-6.1 (forky) | 2025
CVE-2025-10923 [HIGH]: gimp
GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WBMP files.
debian
CVE-2025-14423 | LOW | CVSS 7.8 | fixed in gimp 3.2.0~RC2-1 (forky) | 2025
CVE-2025-14423 [HIGH]: gimp
GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of L
debian
CVE-2025-48796 | LOW | CVSS 7.3 | fixed in gimp 3.0.0~RC1-4 (forky) | 2025
CVE-2025-48796 [HIGH]: gimp
A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens .ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved (fixed in 3.0.0~RC1-4)
sid: res
debian
CVE-2025-10925 | LOW | CVSS 7.8 | fixed in gimp 3.2.0~RC2-1 (forky) | 2025
CVE-2025-10925 [HIGH]: gimp
GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of
debian
CVE-2025-14424 | LOW | CVSS 7.8 | fixed in gimp 3.2.0~RC2-1 (forky) | 2025
CVE-2025-14424 [HIGH]: gimp
GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XCF files. The
debian
CVE-2023-44441 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u1 (bookworm) | 2023
CVE-2023-44441 [HIGH]: gimp
GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DD
debian
CVE-2023-44443 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u1 (bookworm) | 2023
CVE-2023-44443 [HIGH]: gimp
GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. T
debian
CVE-2023-44444 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u1 (bookworm) | 2023
CVE-2023-44444 [HIGH]: gimp
GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted
debian
CVE-2023-44442 | HIGH | CVSS 7.8 | fixed in gimp 2.10.34-1+deb12u1 (bookworm) | 2023
CVE-2023-44442 [HIGH]: gimp
GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PS
debian
CVE-2022-32990 | LOW | CVSS 5.5 | fixed in gimp 2.10.32-1 (bookworm) | 2022
CVE-2022-32990 [MEDIUM]: gimp
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).
Scope: local
bookworm: resolved (fixed in 2.10.32-1)
bullseye: open
forky: resolved (fixed in 2.10.32-1)
sid: resolved (fixed in 2.10.32-1)
trixie: resolved (fixed in 2.10.32-1)
debian
CVE-2022-30067 | LOW | CVSS 5.5 | fixed in gimp 2.10.32-1 (bookworm) | 2022
CVE-2022-30067 [MEDIUM]: gimp
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate a huge amount of memory, resulting in insufficient memory or program crash.
Scope: local
bookworm: resolved (fixed in 2.10.32-1)
bullseye: resolved (fixed in 2.10.22-4+deb11u5)
forky: resolved (fixed in 2.10.32-1)
sid: resolved (fixed in 2.10.32-1)
tr
debian
CVE-2018-12713 | LOW | CVSS 9.1 | fixed in gimp 3.0.0~RC1-4 (forky) | 2018
CVE-2018-12713 [CRITICAL]: gimp
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.
Scope: local
bookworm: open
bullseye: open
debian
CVE-2017-17789 | HIGH | CVSS 7.8 | fixed in gimp 2.8.20-1.1 (bookworm) | 2017
CVE-2017-17789 [HIGH]: gimp
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
Scope: local
bookworm: resolved (fixed in 2.8.20-1.1)
bullseye: resolved (fixed in 2.8.20-1.1)
forky: resolved (fixed in 2.8.20-1.1)
sid: resolved (fixed in 2.8.20-1.1)
trixie: resolved (fixed in 2.8.20-1.1)
debian
CVE-2017-17785 | HIGH | CVSS 7.8 | fixed in gimp 2.8.20-1.1 (bookworm) | 2017
CVE-2017-17785 [HIGH]: gimp
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
Scope: local
bookworm: resolved (fixed in 2.8.20-1.1)
bullseye: resolved (fixed in 2.8.20-1.1)
forky: resolved (fixed in 2.8.20-1.1)
sid: resolved (fixed in 2.8.20-1.1)
trixie: resolved (fixed in 2.8.20-1.1)
debian
CVE-2017-17788 | LOW | CVSS 5.5 | fixed in gimp 2.8.20-1.1 (bookworm) | 2017
CVE-2017-17788 [MEDIUM]: gimp
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
Scope: local
bookworm: resolved (fixed in 2.8.20-1.1)
bullseye: resolved (fixed in 2.8.20-1.1)
forky: resolved (fixed in 2.8.20-1.1)
sid: resolved (fixed in 2.8.20-1.1)
trixie: resolved (fixed in 2.8.20-1.1)
debian
CVE-2017-17784 | LOW | CVSS 7.8 | fixed in gimp 2.8.20-1.1 (bookworm) | 2017
CVE-2017-17784 [HIGH]: gimp
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
Scope: local
bookworm: resolved (fixed in 2.8.20-1.1)
bullseye: resolved (fixed in 2.8.20-1.1)
forky: resolved (fixed in 2.8.20-1.1)
sid: resolved (fixed in 2.8.20-1.1)
trixie: resolved (fixed in 2.8.20-1.1)
debian
CVE-2017-17786 | LOW | CVSS 7.8 | fixed in gimp 2.8.20-1.1 (bookworm) | 2017
CVE-2017-17786 [HIGH]: gimp
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
Scope: local
bookworm: resolved (fixed in 2.8.20-1.1)
bullseye: resolved (fixed in 2.8.20-1.1)
forky: resolved (fixed in 2.8.20-1.1)
sid: resolved (fixed in 2.8.20-1.1)
trixie: resolved (
debian