Search for packages
| purl | pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2 |
| Next non-vulnerable version | 2.10.34-1+deb12u10 |
| Latest non-vulnerable version | 3.2.2-1 |
| Risk | 4.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1hm4-srhz-tqhb
Aliases: CVE-2026-2046 |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-1w47-u2aa-8uaj
Aliases: CVE-2026-2045 |
gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing |
Affected by 10 other vulnerabilities. |
|
VCID-2k57-pmhe-9uds
Aliases: CVE-2025-2761 |
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100. |
Affected by 10 other vulnerabilities. |
|
VCID-2p8s-2h2y-aqg4
Aliases: CVE-2026-2271 |
gimp: GIMP: Denial of service via crafted PSP image file |
Affected by 10 other vulnerabilities. |
|
VCID-2yr2-zppt-47eq
Aliases: CVE-2025-15059 |
gimp: heap-based buffer overflow via specially crafted PSP file |
Affected by 10 other vulnerabilities. |
|
VCID-3sqk-cbwn-tqa7
Aliases: CVE-2022-32990 |
Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-81y4-4cxp-bybu
Aliases: CVE-2025-2760 |
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082. |
Affected by 10 other vulnerabilities. |
|
VCID-99yx-7yr3-dfht
Aliases: CVE-2025-5473 |
gimp: GIMP ICO File Parsing Integer Overflow |
Affected by 10 other vulnerabilities. |
|
VCID-9v2z-2myu-bfd3
Aliases: CVE-2026-4154 |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-bhsc-qy1f-27dj
Aliases: CVE-2025-6035 |
gimp: Gimp Integer Overflow |
Affected by 10 other vulnerabilities. |
|
VCID-d967-53mv-13b6
Aliases: CVE-2026-4152 |
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863. |
Affected by 10 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dav9-9ar6-gkbn
Aliases: CVE-2022-30067 |
Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-dkmg-nu4f-xbay
Aliases: CVE-2026-4150 |
Affected by 10 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-dtpr-ndvm-5udg
Aliases: CVE-2025-48797 |
gimp: Multiple heap buffer overflows in TGA parser |
Affected by 10 other vulnerabilities. |
|
VCID-fraw-9hj8-vbhs
Aliases: CVE-2026-40915 |
gimp: GIMP: Heap buffer overflow due to integer overflow in FITS image loader |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-gdxp-wy9y-m3h1
Aliases: CVE-2025-10922 |
gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
Affected by 10 other vulnerabilities. |
|
VCID-gfzg-1hvp-5ugd
Aliases: CVE-2018-12713 |
gimp: predictable temporary file name in test-xcf.c unit test |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-hj85-sup9-abft
Aliases: CVE-2026-4887 |
gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-hrab-t25s-5ybg
Aliases: CVE-2025-14425 |
gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow |
Affected by 10 other vulnerabilities. |
|
VCID-jy45-8uuz-y7bf
Aliases: CVE-2026-0797 |
gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability |
Affected by 10 other vulnerabilities. |
|
VCID-krn9-65fh-sqgq
Aliases: CVE-2025-48798 |
gimp: Multiple use after free in XCF parser |
Affected by 10 other vulnerabilities. |
|
VCID-ney7-z8qy-kuce
Aliases: CVE-2026-4153 |
Affected by 10 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-qsyr-7tn1-uyhv
Aliases: CVE-2026-2239 |
gimp: GIMP: Application crash (DoS) via crafted PSD file due to heap-buffer-overflow |
Affected by 10 other vulnerabilities. |
|
VCID-rraw-1e9t-x3f3
Aliases: CVE-2026-2048 |
gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability |
Affected by 10 other vulnerabilities. |
|
VCID-tth9-nncy-5qap
Aliases: CVE-2025-14422 |
gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow |
Affected by 10 other vulnerabilities. |
|
VCID-ubet-venh-tqct
Aliases: CVE-2026-2044 |
gimp: GIMP: Remote Code Execution via uninitialized memory in PGM file parsing |
Affected by 10 other vulnerabilities. |
|
VCID-uujf-3fhp-8fgg
Aliases: CVE-2026-2272 |
gimp: GIMP: Memory corruption due to integer overflow in ICO file handling |
Affected by 10 other vulnerabilities. |
|
VCID-va44-vsem-xuf5
Aliases: CVE-2026-4151 |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-wkrp-v537-x3hy
Aliases: CVE-2026-6384 |
gimp: GIMP: Arbitrary code execution or denial of service via buffer overflow in GIF image processing |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-z2up-g7ms-gfg2
Aliases: CVE-2025-10934 |
A vulnerability has been discovered in GIMP, which can lead to execution of arbitrary code. |
Affected by 10 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bcwp-42cm-g3et | Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution. |
CVE-2023-44444
ZDI-CAN-22097 |
| VCID-eybg-sjmd-q7a2 | Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution. |
CVE-2023-44443
ZDI-CAN-22096 |
| VCID-s17j-j45c-nqgs | Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution. |
CVE-2023-44441
ZDI-CAN-22093 |
| VCID-ygcy-xz6u-1qav | Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution. |
CVE-2023-44442
ZDI-CAN-22094 |