CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

Fedora: Security Advisory (FEDORA-2026-aecd3809f1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : gimp (2026-aecd3809f1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-aecd3809f1 advisory. This is a security update fixing the loader for PSD files. Tenable has extracted the preceding description block directly from the Fedora security advisory...

Medium: gimp

Issue Overview: GIMP: PSD loader: heap-buffer-overflow in freadpascalstring no null terminator CVE-2026-2239 An integer overflow vulnerability has been identified in the PSP Paint Shop Pro file parser of GIMP. The issue occurs in the readcreatorblock function, where the Creator metadata block is...

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-011 (ALASGIMP-2026-011)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GIMP-2026-011 advisory. GIMP: PSD loader: heap-buffer-overflow in freadpascalstring no null terminator CVE-2026-2239 An integer overflow...

Fedora: Security Advisory (FEDORA-2026-3e21dad421)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 43 : gimp (2026-3e21dad421)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e21dad421 advisory. This is a security update fixing the loader for PSD files. Tenable has extracted the preceding description block directly from the Fedora security advisory...

DEBIAN-CVE-2009-3909

Integer overflow in the readchanneldata function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow...