EUVD-2026-23024

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

EUVD-2026-16339

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the freadpascalstring function when processing a specially crafted PSD Photoshop Document file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read whe...

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

gimp: heap-based buffer overflow via specially crafted PSP file

A flaw was found in GIMP. Opening a specially crafted PSP file with GIMP can cause a heap-based buffer overflow due to improper input validation of the length of user-supplied data. An attacker can exploit this vulnerability by convincing a user to open a specially crafted PSP file, resulting in ...

gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability during the parsing of a malicious PNM Portable Anymap image file. This issue stems from insufficient validation of user-supplied data, which can lead to an integer overflow before memory allocation...

CVE-2025-48798

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues...

DEBIAN-CVE-2025-48797

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

CVE-2025-48796

A flaw was found in GIMP. The GIMP aniloadimage function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution...

CVE-2025-48798

Summary (CVE-2025-48798) : GIMP processing XCF files is vulnerable to memory errors, including use-after-free, triggered by specially crafted images. Connected advisories confirm multiple related GIMP in Xen parsers (XCF/TGA/ICO) vulnerabilities (e.g., CVE-2025-48797, CVE-2025-48798, CVE-2025-547...

CVE-2025-48797

GIMP is affected by CVE-2025-48797 due to a flaw in the TGA parser that can trigger memory errors and potentially cause a heap buffer overflow when opening specially crafted TGA files. Public advisories (e.g., Mageia MGASA-2026-0012 and Debian DSA-5939-1) confirm multiple GIMP parsing vulnerabili...