GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28248.

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006280 advisory.

    GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability     allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is     required to exploit this vulnerability in that the target must visit a malicious page or open a malicious     file.

    The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper     validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can     leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28248.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8057-1 advisory.

    Hanno Bck discovered that GIMP allocated FLI images using only the information present in the file     header, which allowed for a maliciously- crafted file to cause out-of-bounds writes. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 16.04 LTS. (CVE-2017-17785)

    Michael Randrianantenaina discovered that that opening a maliciously crafted FLI file could cause GIMP to     index out-of-bounds. An attacker could possibly use this issue to cause a denial or service or execute     arbitrary code. (CVE-2025-2761)

    It was discovered that opening a maliciously-crafted DCM file could cause GIMP to index out-of-bounds. An     attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
    (CVE-2025-10922)

    It was discovered that GIMP's JP2 parser did not account for precision when allocating an image buffer. An     attacker could possibly use this to cause a denial of service or execute arbitrary code when a maliciously     crafted file is opened. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS.
    (CVE-2025-14425)

    It was discovered that GIMP's PSP parser erroneously queried the color channels of a greyscale image,     which resulted in an invalid memory pointer. An attacker could possibly use this to cause a denial of     service or execute arbitrary code when a maliciously-crafted file is opened. This issue only affected     Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15059)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-openSUSE-RU-2026:20168-1 advisory.

    Changes in gimp:

    - Update to 3.0.8
      - Font Loading Performance
        - Improvements in start-up time for users with a large number           of fonts was backported from our 3.2 RC2 release. As a           result, we now wait to load images until fonts are           initialized - this prevents some occasional odd displays and           other issues when an XCF file tried to access a partially           loaded font.
      - Assorted updates and fixes
        - Daniel Plakhotich helped us identify an issue when exporting           a lossless WEBP image could be affected by lossy settings           (such as Quality being less than 100%). Weve updated our           WEBP plug-in to prevent this from happening.
        - Thanks to Jehans efforts, the standard gimp-3.0 executable           can now be run with a --no-interface flag instead of           requiring users to call gimp-console-3.0 even on devices with           no display. The --show-debug-menu flag is now visible as           well.
        - programmer_ceds improved our flatpak by adding safe guards to           show the correct configuration directory regardless of           whether XDG_CONFIG_HOME is defined on the users system. This           should make it much easier for flatpak users to install and           use third party plug-ins.
        - We fixed a rare but possible crash when using the Equalize           filter on images with NaN values. Images that contain these           are usually created from scientific or mapping data, so           youre unlikely to come across them in standard editing.
        - Jeremy Bicha fixed an internal issue where the wrong version           number could be used when installing minor releases (such as           the 3.2 release candidates and upcoming 3.2 stable release).
        - As noted in our 3.2RC2 news post, we have updated our SVG           import code to improve the rendered path.
        - Further improvements have been made to our non-destructive           filter code to improve stability, especially when copying and           pasting layers and images with filters attached to them. Some           issues related to applying NDE filters on Quick Masks have           also been corrected.
        - An unintended Search pop-up that appeared when typing while           the Channels dockable was selected has been turned off.
        - When saving XCFs for GIMP 2.10 compatibility, we           unintentionally saved Grid color using the new color format.
          This caused errors when reopening the XCF in 2.10. This           problem has now been fixed! If you encounter any other XCF           incompatibility, please let us know.
      - Themes and UX
        - The Navigation and Selection Editor dockables no longer show           a large bright texture when no image is actively selected.
          This was especially noticeable on dark themes.
        - When a layer has no active filters, the Fx column had the           same checkbox outline when hovered over as the lock column.
          This led to confusion about clicking it to add filters. We           have removed the outline on hover as a small step to help           address this.
        - Ondej M?chal fixed alignment and cut-off issues with the           buttons on our Transform tool overlays. All buttons should           now be properly centered and visible.
        - The options for filling layers with colors when resizing the           canvas will be turned off when not relevant (such as when you           set layers to not be resized).
        - More GUI elements such as dialog header icons will now           respond to your icon size preferences.
        - Ondej M?chal has continued his work to update our UI with           the more usable Spin Scale widget. He has also updated the           widget itself to improve how it works for users and           developers alike.
      - Security fixes
        - Jacob Boerema and Gabriele Barbero continued to patch           potential security issues related to some of our file format           plug-ins. In addition to existing fixes mentioned in the           release candidate news posts, the following exploits are now           prevented: ZDI-CAN-28232 ZDI-CAN-28265 ZDI-CAN-28530           ZDI-CAN-28591 ZDI-CAN-28599
        - Another potential issue related to ICO files with incorrect           metadata was reported by Dhiraj. It does not have a CVE           number yet, but it has been fixed for GIMP 3.0.8. Jacob           Boerema also fixed a potential issue with loading Creator           blocks in Paintshop Pro PSP images.
      - API
        - For plug-in and script developers, a few new public APIs were           backported to GIMP 3.0.8. gimp_cairo_surface_get_buffer ()           allows you to retrieve a GEGL buffer from a Cairo surface           (such as a text layer). Note that this deprecates           gimp_cairo_surface_create_buffer ().
        - gimp_config_set_xcf_version () and           gimp_config_get_xcf_version () can be used to specify a           particular XCF version for a configuration. This will allow           you to have that data serialized/deserialized for certain           versions of GIMP if there were differences (such as the Grid           colors mentioned above).
        - Fixes were made for retrieving image metadata via scripting.
          GimpMetadata is now a visible child of GExiv2Metadata, so you           can use standard gexiv2 functions to retrieve information           from it.
        - Original thumbnail metadata is also now removed on export to           prevent potential issues when exporting into a new format.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1586 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)

    * gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow (CVE-2025-14425)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1585 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)

    * gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow (CVE-2025-14425)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1587 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)

    * gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow (CVE-2025-14425)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0313-1 advisory.

    - CVE-2025-14422: Fixed RCE vulnerability due to PNM file parsing integer overflow (bsc#1255293)
    - CVE-2025-14425: Fixed RCE vulnerability due to JP2 file parsing heap-based buffer overflow (bsc#1255296)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1511 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)

    * gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow (CVE-2025-14425)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-085:01 advisory.

    * gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)
      * gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow (CVE-2025-14425)
      * gimp: GIMP: Remote Code Execution via XCF File Parsing Use-After-Free (CVE-2025-14424)
      * gimp: GIMP: Remote Code Execution via stack-based buffer overflow in LBM file parsing (CVE-2025-14423)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0914 advisory.

    * gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)
      * gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow (CVE-2025-14425)
      * gimp: GIMP: Remote Code Execution via XCF File Parsing Use-After-Free (CVE-2025-14424)
      * gimp: GIMP: Remote Code Execution via stack-based buffer overflow in LBM file parsing (CVE-2025-14423)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20100-1 advisory.

    Changes in gimp:

    - CVE-2025-14422: Fixed PNM File Parsing Integer Overflow (bsc#1255293)
    - CVE-2025-14423: Fixed LBM File Parsing Stack-based Buffer Overflow (bsc#1255294)
    - CVE-2025-14424: Fixed XCF File Parsing Use-After-Free (bsc#1255295)
    - CVE-2025-14425: Fixed JP2 File Parsing Heap-based Buffer Overflow(bsc#1255296)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0914 advisory.

    * gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)

    * gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow (CVE-2025-14425)

    * gimp: GIMP: Remote Code Execution via XCF File Parsing Use-After-Free (CVE-2025-14424)

    * gimp: GIMP: Remote Code Execution via stack-based buffer overflow in LBM file parsing (CVE-2025-14423)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0914 advisory.

    - fix CVE-2025-14422
    - fix CVE-2025-14423
    - fix CVE-2025-14424
    - fix CVE-2025-14425
    - fix CVE-2025-10920
    - fix CVE-2025-10921
    - fix CVE-2025-10922
    - fix CVE-2025-10923
    - fix CVE-2025-10924
    - fix CVE-2025-10925

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0914 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)

    * gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow (CVE-2025-14425)

    * gimp: GIMP: Remote Code Execution via XCF File Parsing Use-After-Free (CVE-2025-14424)

    * gimp: GIMP: Remote Code Execution via stack-based buffer overflow in LBM file parsing (CVE-2025-14423)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6093 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6093-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     January 04, 2026                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : gimp     CVE ID         : CVE-2025-14422 CVE-2025-14424 CVE-2025-14425

    Several vulnerabilities were discovered in GIMP, the GNU Image     Manipulation Program, which could result in denial of service or     potentially the execution of arbitrary code if malformed XCF, JPEG 2000     or PNM files are opened.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 2.10.34-1+deb12u6.

    For the stable distribution (trixie), these problems have been fixed in     version 3.0.4-3+deb13u4.

    We recommend that you upgrade your gimp packages.

    For the detailed security status of gimp please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/gimp

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4431 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4431-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Andreas Henriksson     January 02, 2026                              https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : gimp     Version        : 2.10.22-4+deb11u5     CVE ID         : CVE-2022-30067 CVE-2025-14422 CVE-2025-14425     Debian Bug     :

    Several vulnerabilities were discovered in GIMP, the GNU Image     Manipulation Program, which could result in buffer overflows and     potentially the execution of arbitrary code if malformed XCF, PNM and     JP2 files are opened.

    CVE-2022-30067

        GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a         crafted XCF file, the program will allocate for a huge amount of memory,         resulting in insufficient memory or program crash.

    CVE-2025-14422

        GIMP PNM File Parsing Integer Overflow Remote Code Execution         Vulnerability.
        This vulnerability allows remote attackers to execute arbitrary code on         affected installations of GIMP. User interaction is required to exploit         this vulnerability in that the target must visit a malicious page or         open a malicious file. The specific flaw exists within the parsing of         PNM files. The issue results from the lack of proper validation of         user-supplied data, which can result in an integer overflow before         allocating a buffer. An attacker can leverage this vulnerability to         execute code in the context of the current process. Was ZDI-CAN-28273.

    CVE-2025-14425

        GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution         Vulnerability.
        This vulnerability allows remote attackers to execute arbitrary code on         affected installations of GIMP. User interaction is required to exploit         this vulnerability in that the target must visit a malicious page or         open a malicious file. The specific flaw exists within the parsing of         JP2 files. The issue results from the lack of proper validation of the         length of user-supplied data prior to copying it to a heap-based buffer.
        An attacker can leverage this vulnerability to execute code in the         context of the current process. Was ZDI-CAN-28248.


    For Debian 11 bullseye, these problems have been fixed in version     2.10.22-4+deb11u5.

    We recommend that you upgrade your gimp packages.

    For the detailed security status of gimp please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/gimp

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability     allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is     required to exploit this vulnerability in that the target must visit a malicious page or open a malicious     file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper     validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can     leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28248.
    (CVE-2025-14425)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
303340	Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gimp (UTSA-2026-006280)	Nessus	Unity Linux Local Security Checks	high
299909	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : GIMP vulnerabilities (USN-8057-1)	Nessus	Ubuntu Local Security Checks	high
297978	openSUSE 16 : Recommended update for gimp (SUSE-SU-openSUSE-RU-2026:20168-1)	Nessus	SuSE Local Security Checks	high
297167	RHEL 9 : gimp (RHSA-2026:1586)	Nessus	Red Hat Local Security Checks	high
297151	RHEL 9 : gimp (RHSA-2026:1585)	Nessus	Red Hat Local Security Checks	high
297145	RHEL 9 : gimp (RHSA-2026:1587)	Nessus	Red Hat Local Security Checks	high
297092	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gimp (SUSE-SU-2026:0313-1)	Nessus	SuSE Local Security Checks	high
297066	RHEL 9 : gimp (RHSA-2026:1511)	Nessus	Red Hat Local Security Checks	high
296683	MiracleLinux 9 : gimp-3.0.4-1.el9_7.2 (AXSA:2026-085:01)	Nessus	Miracle Linux Local Security Checks	high
296590	AlmaLinux 9 : gimp (ALSA-2026:0914)	Nessus	Alma Linux Local Security Checks	high
296568	openSUSE 16 Security Update : gimp (openSUSE-SU-2026:20100-1)	Nessus	SuSE Local Security Checks	high
294963	RockyLinux 9 : gimp (RLSA-2026:0914)	Nessus	Rocky Linux Local Security Checks	high
294879	Oracle Linux 9 : gimp (ELSA-2026-0914)	Nessus	Oracle Linux Local Security Checks	high
294852	RHEL 9 : gimp (RHSA-2026:0914)	Nessus	Red Hat Local Security Checks	high
281643	Debian dsa-6093 : gimp - security update	Nessus	Debian Local Security Checks	high
281613	Debian dla-4431 : gimp - security update	Nessus	Debian Local Security Checks	medium
279697	Linux Distros Unpatched Vulnerability : CVE-2025-14425	Nessus	Misc.	high

Detections

Analytics

CVE-2025-14425

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

medium

high