Debian Package Tracker
Register | Log in
Subscribe

gimp

GNU Image Manipulation Program

Choose email to subscribe with

general
  • source: gimp (main)
  • version: 3.0.4-2
  • maintainer: Debian GNOME Maintainers (archive) (DMD)
  • uploaders: Jordi Mallach [DMD] – Jeremy Bícha [DMD]
  • arch: all any
  • std-ver: 4.7.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.10.8-2
  • o-o-sec: 2.10.8-2+deb10u1
  • oldstable: 2.10.22-4+deb11u2
  • old-sec: 2.10.22-4+deb11u1
  • stable: 2.10.34-1+deb12u2
  • stable-sec: 2.10.34-1+deb12u1
  • testing: 3.0.2-3.1
  • unstable: 3.0.4-2
versioned links
  • 2.10.8-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.10.8-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.10.22-4+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.10.22-4+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.10.34-1+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.10.34-1+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.0.2-3.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 3.0.4-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • gimp (142 bugs: 0, 99, 43, 0)
  • gimp-data (3 bugs: 0, 2, 1, 0)
  • gir1.2-gimp-3.0
  • libgimp-3.0-0
  • libgimp-3.0-bin
  • libgimp-3.0-dev
  • libgimp-3.0-doc
action needed
6 security issues in bullseye high

There are 6 open security issues in bullseye.

6 important issues:
  • CVE-2025-2760: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.
  • CVE-2025-2761: GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.
  • CVE-2025-48796: A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.
  • CVE-2025-48797: A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
  • CVE-2025-48798: A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
  • TEMP-1105005-BC2070:
Created: 2025-04-10 Last update: 2025-05-29 05:00
6 security issues in bookworm high

There are 6 open security issues in bookworm.

6 important issues:
  • CVE-2025-2760: GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.
  • CVE-2025-2761: GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.
  • CVE-2025-48796: A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.
  • CVE-2025-48797: A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
  • CVE-2025-48798: A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
  • TEMP-1105005-BC2070:
Created: 2025-04-10 Last update: 2025-05-29 05:00
2 bugs tagged patch in the BTS normal
The BTS contains patches fixing 2 bugs, consider including or untagging them.
Created: 2025-01-06 Last update: 2025-06-02 00:30
Does not build reproducibly during testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2025-05-17 Last update: 2025-06-02 00:01
lintian reports 28 warnings normal
Lintian reports 28 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2025-05-20 Last update: 2025-05-20 06:00
debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 3.0.2-3.1 of the package, we noticed the following issues:

  • 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2025-05-19 Last update: 2025-05-19 23:01
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2024-12-12 Last update: 2024-12-12 02:30
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).
Created: 2025-02-21 Last update: 2025-06-01 21:32
news
[rss feed]
  • [2025-06-01] Accepted gimp 3.0.4-2 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2025-05-29] gimp 3.0.2-3.1 MIGRATED to testing (Debian testing watch)
  • [2025-05-27] Accepted gimp 3.0.4-1 (source) into experimental (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2025-05-19] Accepted gimp 3.0.2-3.1 (source) into unstable (Salvatore Bonaccorso)
  • [2025-05-16] gimp 3.0.2-3 MIGRATED to testing (Debian testing watch)
  • [2025-05-03] Accepted gimp 3.0.2-3 (source) into unstable (Matthias Klumpp)
  • [2025-05-01] gimp 3.0.2-2 MIGRATED to testing (Debian testing watch)
  • [2025-04-21] Accepted gimp 3.0.2-2 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2025-03-31] gimp 3.0.2-1 MIGRATED to testing (Debian testing watch)
  • [2025-03-26] Accepted gimp 3.0.2-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2025-03-23] gimp 3.0.0-2 MIGRATED to testing (Debian testing watch)
  • [2025-03-17] Accepted gimp 3.0.0-2 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2025-03-17] Accepted gimp 3.0.0-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2025-02-15] gimp 3.0.0~RC3-1 MIGRATED to testing (Debian testing watch)
  • [2025-02-10] Accepted gimp 3.0.0~RC3-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2025-01-10] gimp 3.0.0~RC2-1 MIGRATED to testing (Debian testing watch)
  • [2024-12-28] Removed 3.0.0~RC1-3 from experimental (Debian FTP Masters)
  • [2024-12-28] Accepted gimp 3.0.0~RC2-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2024-12-11] Accepted gimp 3.0.0~RC1-4 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2024-11-25] Accepted gimp 3.0.0~RC1-3 (source) into experimental (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2024-11-07] Accepted gimp 3.0.0~RC1-1 (source) into experimental (Jordi Mallach)
  • [2024-09-25] gimp REMOVED from testing (Debian testing watch)
  • [2024-08-01] gimp 2.10.38-2 MIGRATED to testing (Debian testing watch)
  • [2024-07-26] Accepted gimp 2.10.38-2 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2024-05-13] gimp 2.10.38-1 MIGRATED to testing (Debian testing watch)
  • [2024-05-07] Accepted gimp 2.10.38-1 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2024-05-03] gimp 2.10.36-3 MIGRATED to testing (Debian testing watch)
  • [2024-03-19] Accepted gimp 2.99.18-1 (source) into experimental (Jordi Mallach)
  • [2024-03-02] Accepted gimp 2.10.36-3 (source) into unstable (Jeremy Bícha) (signed by: Jeremy Bicha)
  • [2023-12-26] Accepted gimp 2.10.22-4+deb11u2 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Adrian Bunk)
  • 1
  • 2
bugs [bug history graph]
  • all: 142 148
  • RC: 0
  • I&N: 100 103
  • M&W: 42 45
  • F&P: 0
  • patch: 2
links
  • homepage
  • lintian (0, 28)
  • buildd: logs, checks, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • l10n (-, 78)
  • debian patches
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 3.0.4-1
  • 410 bugs (4 patches)

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing