Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 9: gimp Critical Remote Code Execution Vuln MGASA-2026-0012

mageia
Calendar Grey January 17, 2026
Dist Mageia Esm H88
Updated gimp packages in Mageia address multiple security issues, including remote code execution vulnerabilities.
MGASA-2026-0012 - Updated gimp packages fix security vulnerabilities

Summary

Description: XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. (CVE-2025-2760) FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. (CVE-2025-2761) Multiple heap buffer overflows in tga parser. (CVE-2025-48797) Multiple use after free in xcf parser. (CVE-2025-48798) XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-10934) PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. (CVE-2025-14422) JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-14425)

References

- https://bugs.mageia.org/show_bug.cgi?id=34363

- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DVVZTOVQSBY5ON5P7HYQIXK2OLMSUEH5/

- https://lists.debian.org/debian-lts-announce/2025/11/msg00005.html

- https://lists.debian.org/debian-security-announce/2025/msg00103.html

- https://lists.debian.org/debian-security-announce/2026/msg00001.html

- https://www.cve.org/CVERecord?id=CVE-2025-2760

- https://www.cve.org/CVERecord?id=CVE-2025-2761

- https://www.cve.org/CVERecord?id=CVE-2025-48797

- https://www.cve.org/CVERecord?id=CVE-2025-48798

- https://www.cve.org/CVERecord?id=CVE-2025-10934

- https://www.cve.org/CVERecord?id=CVE-2025-14422

- https://www.cve.org/CVERecord?id=CVE-2025-14425

Topics%20covered

Topics Covered

security advisory buffer overflow remote code execution integer overflow GIMP Mageia

Resolution

SRPMS

- 9/core/gimp-2.10.36-1.1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 17 Jan 2026
URL: https://advisories.mageia.org/MGASA-2026-0012.html
Type: security
CVE: CVE-2025-2760, CVE-2025-2761, CVE-2025-48797, CVE-2025-48798, CVE-2025-10934, CVE-2025-14422, CVE-2025-14425

Topics%20covered

Topics Covered

security advisory buffer overflow remote code execution integer overflow GIMP Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here