Debian 11: GIMP Critical Code Execution & DoS Risks DLA-4342-1
debian lts
October 22, 2025
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malfo...
Topics Covered
Summary
CVE-2025-2760
GIMP XWD File Parsing Integer Overflow Remote Code Execution
Vulnerability. The specific flaw exists within the parsing of XWD
files. The issue results from the lack of proper validation of
user-supplied data, which can result in an integer overflow before
allocating a buffer. An attacker can leverage this vulnerability
to execute code in the context of the current process. Was
ZDI-CAN-25082.
CVE-2025-2761
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution
Vulnerability. The specific flaw exists within the parsing of FLI
files. The issue results from the lack of proper validation of
user-supplied data, which can result in a write past the end of an
allocated buffer. An attacker can leverage this vulnerability to
execute code in the context of the current process. Was
ZDI-CAN-25100.
CVE-2025-5473
GIMP ICO File Parsing Integer Overflow Remote Code Execution
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: gimp
Version: 2.10.22-4+deb11u3
CVE ID: CVE-2025-2760 CVE-2025-2761 CVE-2025-5473 CVE-2025-6035
Debian Bug: 1105005 1107758 1116459
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!