{"id":"USN-8057-1","summary":"gimp vulnerabilities","details":"Hanno Böck discovered that GIMP allocated FLI images using only the\ninformation present in the file header, which allowed for a maliciously-\ncrafted file to cause out-of-bounds writes. An attacker could possibly use\nthis issue to cause a denial of service or execute arbitrary code. This\nissue only affected Ubuntu 16.04 LTS. (CVE-2017-17785)\n\nMichael Randrianantenaina discovered that opening a maliciously\ncrafted FLI file could cause GIMP to index out-of-bounds. An attacker could\npossibly use this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2025-2761)\n\nIt was discovered that opening a maliciously-crafted DCM file could cause\nGIMP to index out-of-bounds. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. (CVE-2025-10922)\n\nIt was discovered that GIMP's JP2 parser did not account for precision when\nallocating an image buffer. An attacker could possibly use this to cause a\ndenial of service or execute arbitrary code when a maliciously crafted file\nis opened. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and\nUbuntu 24.04 LTS. (CVE-2025-14425)\n\nIt was discovered that GIMP's PSP parser erroneously queried the color\nchannels of a greyscale image, which resulted in an invalid memory pointer.\nAn attacker could possibly use this to cause a denial of service or execute\narbitrary code when a maliciously-crafted file is opened. This issue only\naffected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. 
(CVE-2025-15059)","modified":"2026-04-27T18:17:16.816415654Z","published":"2026-02-23T20:09:36Z","related":["UBUNTU-CVE-2017-17785","UBUNTU-CVE-2025-10922","UBUNTU-CVE-2025-14425","UBUNTU-CVE-2025-15059","UBUNTU-CVE-2025-2761"],"upstream":["CVE-2017-17785","CVE-2025-10922","CVE-2025-14425","CVE-2025-15059","CVE-2025-2761","UBUNTU-CVE-2017-17785","UBUNTU-CVE-2025-10922","UBUNTU-CVE-2025-14425","UBUNTU-CVE-2025-15059","UBUNTU-CVE-2025-2761"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8057-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-17785"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-2761"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-10922"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-14425"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-15059"}],"affected":[{"package":{"name":"gimp","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/gimp@2.8.16-1ubuntu1.1+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.16-1ubuntu1.1+esm1"}]}],"versions":["2.8.14-1ubuntu2","2.8.14-1.2ubuntu1","2.8.16-1ubuntu1","2.8.16-1ubuntu1.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_version":"2.8.16-1ubuntu1.1+esm1","binary_name":"gimp"},{"binary_version":"2.8.16-1ubuntu1.1+esm1","binary_name":"gimp-data"},{"binary_version":"2.8.16-1ubuntu1.1+esm1","binary_name":"libgimp2.0"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2017-17785","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2025-2761","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-10922","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-14425","severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8057-1.json"}},{"package":{"name":"gimp","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/gimp@2.8.22-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.22-1ubuntu0.1~esm1"}]}],"versions":["2.8.20-1","2.8.20-1.1","2.8.20-2","2.8.22-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_version":"2.8.22-1ubuntu0.1~esm1","binary_name":"gimp"},{"binary_version":"2.8.22-1ubuntu0.1~esm1","binary_name":"gimp-data"},{"binary_version":"2.8.22-1ubuntu0.1~esm1","binary_name":"libgimp2.0"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2025-2761","severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-10922","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-14425","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8057-1.json"}},{"package":{"name":"gimp","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/gimp@2.10.18-1ubuntu0.1+esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.18-1ubuntu0.1+esm1"}]}],"versions":["2.10.8-2","2.10.14-2","2.10.14-2build1","2.10.14-2ubuntu1","2.10.14-3","2.10.18-1","2.10.18-1ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_version":"2.10.18-1ubuntu0.1+esm1","binary_name":"gimp"},{"binary_version":"2.10.18-1ubuntu0.1+esm1","binary_name":"gimp-data"},{"binary_version":"2.10.18-1ubuntu0.1+esm1","binary_name":"libgimp2.0"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2025-2761","severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-10922","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-14425","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8057-1.json"}},{"package":{"name":"gimp","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/gimp@2.10.30-1ubuntu0.1+esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.30-1ubuntu0.1+esm1"}]}],"versions":["2.10.24-2","2.10.28-1","2.10.30-1","2.10.30-1build1","2.10.30-1ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_version":"2.10.30-1ubuntu0.1+esm1","binary_name":"gimp"},{"binary_version":"2.10.30-1ubuntu0.1+esm1","binary_name":"gimp-data"},{"binary_version":"2.10.30-1ubuntu0.1+esm1","binary_name":"libgimp2.0"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2025-2761","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-10922","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-14425","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2025-15059","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8057-1.json"}},{"package":{"name":"gimp","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/gimp@2.10.36-3ubuntu0.24.04.1+esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.36-3ubuntu0.24.04.1+esm1"}]}],"versions":["2.10.34-1","2.10.36-1","2.10.36-2","2.10.36-3build2","2.10.36-3build3","2.10.36-3ubuntu0.24.04.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: 
https://ubuntu.com/pro","binaries":[{"binary_version":"2.10.36-3ubuntu0.24.04.1+esm1","binary_name":"gimp"},{"binary_version":"2.10.36-3ubuntu0.24.04.1+esm1","binary_name":"gimp-data"},{"binary_version":"2.10.36-3ubuntu0.24.04.1+esm1","binary_name":"libgimp2.0t64"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2025-2761","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-10922","severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-14425","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2025-15059","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8057-1.json"}}],"schema_version":"1.7.5"}