Ubuntu alert USN-8075-1 (gimp)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8075-1] GIMP vulnerabilities | |
| Date: | Wed, 04 Mar 2026 19:37:50 +0000 | |
| Message-ID: | <E1vxs2Y-0003eX-Qt@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8075-1 March 04, 2026 gimp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in GIMP. Software Description: - gimp: GNU Image Manipulation Program Details: Michael Randrianantenaina discovered that calculating the linear size of a DDS file could overflow on 32-bit systems. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2025-2760) Michael Randrianantenaina discovered that GIMP did not perform any bounds checking when calculating an offset into XWD Colormaps. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-10934) It was discovered that GIMP's PNM loader did not sufficiently check that the image could fit within the allocated memory, which could cause GIMP to read or write out-of-bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-14422) It was discovered that maliciously-crafted TGA files could cause memory corruption and leave GIMP in an inconsistent state. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-48797) It was discovered that a maliciously-crafted XCF file could cause GIMP to free the same memory region twice, or access an already freed address. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-48798) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS gimp 2.10.36-3ubuntu0.24.04.1+esm2 Available with Ubuntu Pro libgimp2.0t64 2.10.36-3ubuntu0.24.04.1+esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS gimp 2.10.30-1ubuntu0.1+esm2 Available with Ubuntu Pro libgimp2.0 2.10.30-1ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS gimp 2.10.18-1ubuntu0.1+esm2 Available with Ubuntu Pro libgimp2.0 2.10.18-1ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS gimp 2.8.22-1ubuntu0.1~esm2 Available with Ubuntu Pro libgimp2.0 2.8.22-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS gimp 2.8.16-1ubuntu1.1+esm2 Available with Ubuntu Pro libgimp2.0 2.8.16-1ubuntu1.1+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8075-1 CVE-2025-10934, CVE-2025-14422, CVE-2025-2760, CVE-2025-48797, CVE-2025-48798
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmohFYACgkQcpJm3tlz hgGTXRAAz2mgyR80xhODhsktV/PnOFlnwJTyZqwpiI4rDVXKkkqwJ1kdET2LREgQ 4430VNupDAwdtd8J6CDHQSCTWM46X5X11uIwWfSEWHlhR7XbvHHImgwMFfAQYy0L 8WGDvcKIL1o4u62S8yoQRvrxuSwnL35ZJY9a2vByh6lJj7iXG5aMK42pAydKy1lu S2FdVaDjOuZZ/Ieo0U2vW13mnHxCxQGjNNT6bG0TBuN1dGCe9epgAe3HHIyaMCuv nWcXB4gXYXwT+Djds3pWvu6mQ1bak1fKZfJRvtr2ng7PmZi1xO79KKhP/5dnhMtL kO5T1e0VKPOeJzYxy4k8b86V+v+GxoxJ/Eilwx5BvUwYjTHGFhhwf+9RZ5f+3s4X B1Us5O6qtFws05ROZcqSD4p30D8VeyEuuOxpjOcOA48cOspqzyQFM5Ct38U68IhU iR1D+lGV94UtlsSgUydsgKrJGIz+O/cm89Ry1Hyp/9jUPqzp7r/PIwbXPlWA3USt aJzA2JPtg7URkiDKJe9NHPRaKkD+qMBKX+MeMuPakUalun1RVe3R5auSO4LwZaPF V0MC7TsJrwKMLF8WxRzjYneujCU/N0PdYVC9E2IRaLSRb6kUtMGXiYHqN5W5zgnM /3Pp/GyGwaWqNeYOvHsC7hhTQG9m3PdC0PWFDTuUo4nEJOFrUq8= =EZG/ -----END PGP SIGNATURE-----