Home / mailingsPDF  

[USN-8075-1] GIMP vulnerabilities

Posted on 04 March 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8075-1
March 04, 2026

gimp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in GIMP.

Software Description:
- gimp: GNU Image Manipulation Program

Details:

Michael Randrianantenaina discovered that calculating the linear size of a
DDS file could overflow on 32-bit systems. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04
LTS. (CVE-2025-2760)

Michael Randrianantenaina discovered that GIMP did not perform any bounds
checking when calculating an offset into XWD Colormaps. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-10934)

It was discovered that GIMP's PNM loader did not sufficiently check that
the image could fit within the allocated memory, which could cause GIMP to
read or write out-of-bounds. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2025-14422)

It was discovered that maliciously-crafted TGA files could cause memory
corruption and leave GIMP in an inconsistent state. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-48797)

It was discovered that a maliciously-crafted XCF file could cause GIMP to
free the same memory region twice, or access an already freed address. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2025-48798)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
gimp 2.10.36-3ubuntu0.24.04.1+esm2
Available with Ubuntu Pro
libgimp2.0t64 2.10.36-3ubuntu0.24.04.1+esm2
Available with Ubuntu Pro

Ubuntu 22.04 LTS
gimp 2.10.30-1ubuntu0.1+esm2
Available with Ubuntu Pro
libgimp2.0 2.10.30-1ubuntu0.1+esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
gimp 2.10.18-1ubuntu0.1+esm2
Available with Ubuntu Pro
libgimp2.0 2.10.18-1ubuntu0.1+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
gimp 2.8.22-1ubuntu0.1~esm2
Available with Ubuntu Pro
libgimp2.0 2.8.22-1ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
gimp 2.8.16-1ubuntu1.1+esm2
Available with Ubuntu Pro
libgimp2.0 2.8.16-1ubuntu1.1+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8075-1
CVE-2025-10934, CVE-2025-14422, CVE-2025-2760, CVE-2025-48797,
CVE-2025-48798

--===============8967178347810608566==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :