Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8
purl pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (10)
Vulnerability Summary Aliases
VCID-1hm4-srhz-tqhb CVE-2026-2046
VCID-9v2z-2myu-bfd3 CVE-2026-4154
VCID-d967-53mv-13b6 GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863. CVE-2026-4152
VCID-dkmg-nu4f-xbay CVE-2026-4150
VCID-fraw-9hj8-vbhs gimp: GIMP: Heap buffer overflow due to integer overflow in FITS image loader CVE-2026-40915
VCID-hj85-sup9-abft gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image CVE-2026-4887
VCID-ney7-z8qy-kuce CVE-2026-4153
VCID-rw3k-nfe2-4qd2 gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-10925
VCID-va44-vsem-xuf5 CVE-2026-4151
VCID-wkrp-v537-x3hy gimp: GIMP: Arbitrary code execution or denial of service via buffer overflow in GIF image processing CVE-2026-6384

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-21T17:35:30.566103+00:00 Debian Importer Fixing VCID-wkrp-v537-x3hy https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-21T17:03:59.132237+00:00 Debian Importer Fixing VCID-ney7-z8qy-kuce https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-21T16:26:38.988118+00:00 Debian Importer Fixing VCID-hj85-sup9-abft https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-21T16:16:02.188937+00:00 Debian Importer Fixing VCID-dkmg-nu4f-xbay https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-21T16:10:45.412726+00:00 Debian Importer Fixing VCID-fraw-9hj8-vbhs https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-19T04:27:02.889329+00:00 Debian Importer Fixing VCID-d967-53mv-13b6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-19T03:35:30.536985+00:00 Debian Importer Fixing VCID-1hm4-srhz-tqhb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-19T03:33:03.926478+00:00 Debian Importer Fixing VCID-9v2z-2myu-bfd3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-19T03:15:02.959774+00:00 Debian Importer Fixing VCID-va44-vsem-xuf5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-19T02:45:14.385193+00:00 Debian Importer Fixing VCID-rw3k-nfe2-4qd2 https://security-tracker.debian.org/tracker/data/json 38.4.0