23 matches found

RedHat Linux
added 2026/05/26 8:52 a.m. | 9 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM (X PixMap) image file. This can lead to an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

CVSS 7.8 | AI score 7.5 | EPSS 0.00074
Exploits: 0 | References: 6

RedHat Linux
added 2026/05/26 3:26 a.m. | 10 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM (X PixMap) image file. This can lead to an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

CVSS 7.8 | AI score 7.5 | EPSS 0.00074
Exploits: 0 | References: 6

OSV
added 2026/05/22 3:45 p.m. | 5 views

CLSA-2026-1778861508 gimp: Fix of 2 CVEs

CVE-2026-4153: fix heap-based buffer overflow in PSP file parser by computing proper linewidth for bit depths 1 and 4 with small widths - CVE-2026-4154: fix integer overflow and buffer overflow in XPM file parser by adding GIMP_MAX_IMAGE_SIZE bounds checks and using g_try_new...

CVSS 7.8 | AI score 7.3 | EPSS 0.00074
Exploits: 0 | References: 1

OSV
added 2026/04/28 1:07 p.m. | 0 views

JLSEC-2026-284

A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library...

CVSS 7.5 | AI score 6.5 | EPSS 0.00103
Exploits: 2 | References: 14

OSV
added 2026/04/07 8:40 a.m. | 2 views

SUSE-SU-2026:1193-1 Security update for gimp

This update for gimp fixes the following issues: - CVE-2026-4150: PSD File Parsing Integer Overflow Remote Code Execution Vulnerability (bsc#1259979). - CVE-2026-4153: PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (bsc#1259984). - CVE-2026-4154: XPM File Parsing Intege...

CVSS 7.8 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 7

OSV
added 2026/03/20 9:42 a.m. | 2 views

CLSA-2026-1773999754 Fix CVE(s): CVE-2026-25898

SECURITY UPDATE: global buffer overflow read via negative pixel index in UIL and XPM image encoders - debian/patches/CVE-2026-25898.patch: clamp negative pixel index values to zero in WriteUILImage, WritePICONImage, and WriteXPMImage before using them as array subscripts into the Cixel table. -...

CVSS 9.1 | AI score 7.1 | EPSS 0.00022
Exploits: 0 | References: 1

OSV
added 2025/04/11 12:15 a.m. | 0 views

UBUNTU-CVE-2025-32807

A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php...

CVSS 5.3 | AI score 6 | EPSS 0.00327
Exploits: 0 | References: 5

Gentoo Linux
added 2024/08/07 12:00 a.m. | 8 views

libXpm: Multiple Vulnerabilities

Background: The X PixMap image format is an extension of the monochrome X BitMap format specified in the X protocol, and is commonly used in traditional X applications. Description: Multiple vulnerabilities have been discovered in libXpm. Please review the CVE identifiers referenced below for...

CVSS 8.8 | AI score 7.7 | EPSS 0.00184
Exploits: 2

Debian
added 2023/10/05 11:09 a.m. | 47 views

[SECURITY] [DLA 3603-1] libxpm security update

Debian LTS Advisory DLA-3603-1 | https://www.debian.org/lts/security/ | Emilio Pozuelo Monfort | October 05, 2023 | https://wiki.debian.org/LTS ...

CVSS 7.8 | AI score 8.8 | EPSS 0.00084
Exploits: 1

Debian
added 2023/06/20 12:00 p.m. | 25 views

[SECURITY] [DLA 3459-1] libxpm security update

Debian LTS Advisory DLA-3459-1 | https://www.debian.org/lts/security/ | Bastien Roucariès | June 20, 2023 | https://wiki.debian.org/LTS ...

CVSS 8.8 | AI score 9 | EPSS 0.00184
Exploits: 2

SUSE CVE
added 2023/02/15 6:20 a.m. | 1 views

SUSE CVE-2004-0687

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file...

CVSS 7.5 | AI score 8.2 | EPSS 0.2298
Exploits: 2 | References: 5

SUSE CVE
added 2023/02/15 6:20 a.m. | 0 views

SUSE CVE-2004-0783

Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in a...

CVSS 7.5 | AI score 8.6 | EPSS 0.28699
Exploits: 0 | References: 6

OpenVAS
added 2023/01/31 12:00 a.m. | 19 views

CentOS: Security Advisory for libXpm (CESA-2023:0377)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 9 | EPSS 0.00184
Exploits: 0 | References: 2

Veracode
added 2019/05/02 4:40 a.m. | 20 views

Memory Corruption

The netpbm packages contain a library of functions which support programs for handling various graphics file formats, including .pbm (Portable Bit Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable Pixel Map), and others. Two heap-based buffer overflow flaws were found in the embedde...

CVSS 7.5 | AI score 5.6 | EPSS 0.47823
Exploits: 0 | References: 20 | Affected Software: 1

Tenable Nessus
added 2014/10/01 12:00 a.m. | 44 views

CentOS 5 / 6 : php / php53 (CESA-2014:1326)

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severi...

CVSS 6.8 | AI score 7.9 | EPSS 0.30214
Exploits: 5 | References: 7

Cent OS
added 2014/09/30 10:27 a.m. | 85 views

php, php53 security update

CentOS Errata and Security Advisory CESA-2014:1326. Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring...

CVSS 6.8 | AI score 7.2 | EPSS 0.30214
Exploits: 5 | References: 7

RedHat Linux
added 2014/09/30 5:14 a.m. | 57 views

Moderate: Red Hat Security Advisory: php53 and php security update

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severi...

CVSS 6.8 | AI score 7.2 | EPSS 0.30214
Exploits: 5 | References: 6

RedHat Linux
added 2014/09/30 5:14 a.m. | 2 views

gd: NULL pointer dereference in gdImageCreateFromXpm()

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file...

CVSS 4.3 | AI score 6.7 | EPSS 0.05174
Exploits: 3 | References: 4

OpenVAS
added 2012/07/30 12:00 a.m. | 29 views

CentOS Update for netpbm CESA-2011:1811 centos5 x86_64

Check for the Version of netpbm. OpenVAS Vulnerability Test: CentOS Update for netpbm CESA-2011:1811 centos5 x86_64. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS 7.5 | AI score 0.2 | EPSS 0.47823
Exploits: 0 | References: 2

OpenVAS
added 2011/12/16 12:00 a.m. | 34 views

RedHat Update for netpbm RHSA-2011:1811-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 7.5 | AI score 4.3 | EPSS 0.47823
Exploits: 0 | References: 2