Packages
- gimp - GNU Image Manipulation Program
Details
Michael Randrianantenaina discovered that calculating the linear size of a
DDS file could overflow on 32-bit systems. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04
LTS. (CVE-2025-2760)
Michael Randrianantenaina discovered that GIMP did not perform any bounds
checking when calculating an offset into XWD Colormaps. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-10934)
It was discovered that GIMP's PNM loader did not sufficiently check that
the image could fit within the allocated memory, which could cause GIMP to
read or write out-of-bounds. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (
Michael Randrianantenaina discovered that calculating the linear size of a
DDS file could overflow on 32-bit systems. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04
LTS. (CVE-2025-2760)
Michael Randrianantenaina discovered that GIMP did not perform any bounds
checking when calculating an offset into XWD Colormaps. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-10934)
It was discovered that GIMP's PNM loader did not sufficiently check that
the image could fit within the allocated memory, which could cause GIMP to
read or write out-of-bounds. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2025-14422)
It was discovered that maliciously-crafted TGA files could cause memory
corruption and leave GIMP in an inconsistent state. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-48797)
It was discovered that a maliciously-crafted XCF file could cause GIMP to
free the same memory region twice, or access an already freed address. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2025-48798)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 24.04 LTS noble | gimp – 2.10.36-3ubuntu0.24.04.1+esm2 | ||
| libgimp2.0t64 – 2.10.36-3ubuntu0.24.04.1+esm2 | |||
| 22.04 LTS jammy | gimp – 2.10.30-1ubuntu0.1+esm2 | ||
| libgimp2.0 – 2.10.30-1ubuntu0.1+esm2 | |||
| 20.04 LTS focal | gimp – 2.10.18-1ubuntu0.1+esm2 | ||
| libgimp2.0 – 2.10.18-1ubuntu0.1+esm2 | |||
| 18.04 LTS bionic | gimp – 2.8.22-1ubuntu0.1~esm2 | ||
| libgimp2.0 – 2.8.22-1ubuntu0.1~esm2 | |||
| 16.04 LTS xenial | gimp – 2.8.16-1ubuntu1.1+esm2 | ||
| libgimp2.0 – 2.8.16-1ubuntu1.1+esm2 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.