Debian 11: GIMP Critical Buffer Overflow & Remote Code Exec DLA-4431-1
debian lts
January 2, 2026
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in buffer overflows and potentially the execution of arbitrary code if malfo...
Topics Covered
Summary
CVE-2022-30067
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a
crafted XCF file, the program will allocate for a huge amount of memory,
resulting in insufficient memory or program crash.
CVE-2025-14422
GIMP PNM File Parsing Integer Overflow Remote Code Execution
Vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on
affected installations of GIMP. User interaction is required to exploit
this vulnerability in that the target must visit a malicious page or
open a malicious file. The specific flaw exists within the parsing of
PNM files. The issue results from the lack of proper validation of
user-supplied data, which can result in an integer overflow before
allocating a buffer. An attacker can leverage this vulnerability to
execute code in the context of the current process. Was ZDI-CAN-28273.
CVE-2025-14425
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution
Vulnerability.
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: gimp
Version: 2.10.22-4+deb11u5
CVE ID: CVE-2022-30067 CVE-2025-14422 CVE-2025-14425
Debian Bug:
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!