[security - high] gimp:2.8 security update
エラータID: AXSA:2026-106:01
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.
Security Fix(es):
* gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-14422
GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273.
Modularity name: "gimp"
Stream name: "2.8"
Update packages.
GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273.
N/A
SRPMS
- gimp-2.8.22-26.module+el8+1948+9bf7481b.4.src.rpm
MD5: 78f125669bfd4c858fec756a3d63b749
SHA-256: 60c9114f829d257fc8a5d806c62a8203df2ce86911fdfbf9ae417e280e44f5d9
Size: 20.07 MB - pygobject2-2.28.7-5.module+el8+1948+9bf7481b.src.rpm
MD5: ddd5aed570010ffe4a65f5b95ff19bed
SHA-256: c25e18fcbf7ac038f35a587e305c95db4b4674ad7b85e7146a3496aacd9640db
Size: 750.83 kB - pygtk2-2.24.0-25.module+el8+1948+9bf7481b.src.rpm
MD5: f312638addcdaab6d56256d182fd8f11
SHA-256: 3251e8a6666d1ce0e86604c02fd6b745fc2c58d9e2770869cb5f993581008c08
Size: 2.28 MB - python2-pycairo-1.16.3-7.module+el8+1948+9bf7481b.src.rpm
MD5: eb34d4c83ce0e92ec111e586cdc20a9d
SHA-256: bc37653130f167cd234d41da15f1388692095ebf250ca588984fb802c2dfde34
Size: 199.60 kB
Asianux Server 8 for x86_64
- gimp-2.8.22-26.module+el8+1948+9bf7481b.4.x86_64.rpm
MD5: 02229e40804a2d0ba5734aa05f959da5
SHA-256: 29b0720e3dd2a711a1d0666d700d5cceee328c3edc728281617e712ca75876c7
Size: 14.96 MB - gimp-debugsource-2.8.22-26.module+el8+1948+9bf7481b.4.x86_64.rpm
MD5: f7f5a7c877f59a546d6fdb5545f09431
SHA-256: c38a9f85f52aa7764d1ad98f6514f0cffbd25ffe654ad54c8cd0f3c55eaf9f0b
Size: 4.50 MB - gimp-devel-2.8.22-26.module+el8+1948+9bf7481b.4.x86_64.rpm
MD5: dae630e5adc091cf424d1ff6694307f0
SHA-256: 0d23b8a2b121cfa8c8a2752a5239c8fbd64d2d04a472071d3c906242cc0f9ae9
Size: 940.33 kB - gimp-devel-tools-2.8.22-26.module+el8+1948+9bf7481b.4.x86_64.rpm
MD5: 48cc64953e21a09290d7f654886e6728
SHA-256: 78cb3d9aa41015f31ed7957ba232f0fea3d5e1087517ce6d2ec23f2c18fa0140
Size: 79.33 kB - gimp-libs-2.8.22-26.module+el8+1948+9bf7481b.4.x86_64.rpm
MD5: 62d53169347e4fc5352858deb2cb99d1
SHA-256: e0afed7e19a4cc9c017fb11af748a520a57773e33aee68b39ab988da9a4c6e83
Size: 1.40 MB - pygobject2-2.28.7-5.module+el8+1948+9bf7481b.x86_64.rpm
MD5: 6601ed80ff9558c5337639ebf8330e21
SHA-256: a36da6b4ce3c0012db513a9dd009c65a317526b438aca7675bd87ff95cb3a1aa
Size: 235.10 kB - pygobject2-codegen-2.28.7-5.module+el8+1948+9bf7481b.x86_64.rpm
MD5: 3417fe8d014910bc1513149c79a3f465
SHA-256: cf8826cc90e5ab6c03662b90adcb276c2ec5a4cd589475fdc384f3bc97b0964f
Size: 108.40 kB - pygobject2-debugsource-2.28.7-5.module+el8+1948+9bf7481b.x86_64.rpm
MD5: a416f383a10de22e510343cfae9514cd
SHA-256: 610e61bc348fd76d89ffe6e04a06bbbf34929c411aa779202bdecb0c6d08ed93
Size: 156.13 kB - pygobject2-devel-2.28.7-5.module+el8+1948+9bf7481b.x86_64.rpm
MD5: 83968b197b06cbec71be3f5ce74f9529
SHA-256: 9fd6e8fe68d62e041c6cfaf07f3dd62755fe5efe4578b0bfc8f1d033ae2142f3
Size: 71.83 kB - pygobject2-doc-2.28.7-5.module+el8+1948+9bf7481b.x86_64.rpm
MD5: f5e0324265912b6b1658be468f47c650
SHA-256: 31012a10241a488bb7e1b26b2269c4de9535334d24acbcd5b3977fb7bda7a882
Size: 129.60 kB - pygtk2-2.24.0-25.module+el8+1948+9bf7481b.x86_64.rpm
MD5: ccb8befcfbb90f02802d50fff9a5de4b
SHA-256: 8b6f77a98576f70fef49ccce408ee1c76eca0f6274bda3b0c182e789bad77bdc
Size: 928.67 kB - pygtk2-codegen-2.24.0-25.module+el8+1948+9bf7481b.x86_64.rpm
MD5: b657f69175e44674eaeccaed540c1775
SHA-256: 32abc120843899245c9481f5bf78f6247b982e29d158f8de660a33dc5490af03
Size: 22.19 kB - pygtk2-debugsource-2.24.0-25.module+el8+1948+9bf7481b.x86_64.rpm
MD5: c49312c1f2907071d226103a08205ea1
SHA-256: 128204ad96ba242078a6a39987dcdfad2e9148e4b1422018f05b5e032873dd65
Size: 464.89 kB - pygtk2-devel-2.24.0-25.module+el8+1948+9bf7481b.x86_64.rpm
MD5: f65bda3eebb43678470aed4eaadc1499
SHA-256: 182ecb22a535c3edc709bd880c4560df3dc3695ba45b76801c454b269d48699e
Size: 151.10 kB - pygtk2-doc-2.24.0-25.module+el8+1948+9bf7481b.noarch.rpm
MD5: 59935e2021ce7b0ab0efd0e519335fa9
SHA-256: 18140b3f35681e1299644f9d2c4b9fbd8b7a0a0d294ef3c24c606d50e1d8b500
Size: 1.19 MB - python2-cairo-1.16.3-7.module+el8+1948+9bf7481b.x86_64.rpm
MD5: 54caca4d9fc3062fd67e551d09fd7c35
SHA-256: 861c1248f9df7054193ff7b64eeea02d7a5de490226a18feb608d343c44c1581
Size: 88.64 kB - python2-cairo-devel-1.16.3-7.module+el8+1948+9bf7481b.x86_64.rpm
MD5: 8b179f8abf80fc370974dd7217ccaa56
SHA-256: dfc10d47ce6a9bd17b4f6f53beb4310bae87627b850a8ecc28b26b1ab5ba6f68
Size: 15.97 kB - python2-pycairo-debugsource-1.16.3-7.module+el8+1948+9bf7481b.x86_64.rpm
MD5: 960bf3895f9c03893856aff01be76fc6
SHA-256: c4b1bb627a2d512d7a4cd92ab7f09fa2f4f58f158f4fc7e139df0ae30d500b1a
Size: 55.97 kB