OESA-2025-2363

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing, and conversions, together with multilevel undo. The GIMP offers a scripting facility, but many of the included scripts rely on fonts that we cannot distribute.

Security Fix(es):

A vulnerability was found in GIMP (Image Processing Software) that has been declared as critical. The CWE definition for the vulnerability is CWE-787 (Out-of-bounds Write). The product writes data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-10920)

A critical vulnerability was found in GIMP (Image Processing Software) involving CWE-122 heap-based buffer overflow. Attackers can trigger buffer overflow in heap memory through specially crafted DCM files, impacting confidentiality, integrity, and availability.(CVE-2025-10922)

A critical vulnerability was found in GIMP (Image Processing Software). The vulnerability involves CWE-190 integer overflow issue, where the product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. Impact includes confidentiality, integrity, and availability.(CVE-2025-10923)

A vulnerability was found in GIMP (Image Processing Software) (unknown version). It has been classified as critical. CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. This is going to have an impact on confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-10924)

A critical vulnerability was found in GIMP (Image Processing Software) (affected version not known). The issue is classified as CWE-121 (Stack-based Buffer Overflow). A stack-based buffer overflow condition occurs when the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). This impacts confidentiality, integrity, and availability. Applying a patch can eliminate this problem, and the bugfix is available for download at gitlab.gnome.org.(CVE-2025-10925)