GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006178 advisory.

    GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows     remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required     to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper     validation of user-supplied data, which can result in a write past the end of an allocated buffer. An     attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-     CAN-25100.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8057-1 advisory.

    Hanno Bck discovered that GIMP allocated FLI images using only the information present in the file     header, which allowed for a maliciously- crafted file to cause out-of-bounds writes. An attacker could     possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected     Ubuntu 16.04 LTS. (CVE-2017-17785)

    Michael Randrianantenaina discovered that that opening a maliciously crafted FLI file could cause GIMP to     index out-of-bounds. An attacker could possibly use this issue to cause a denial or service or execute     arbitrary code. (CVE-2025-2761)

    It was discovered that opening a maliciously-crafted DCM file could cause GIMP to index out-of-bounds. An     attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
    (CVE-2025-10922)

    It was discovered that GIMP's JP2 parser did not account for precision when allocating an image buffer. An     attacker could possibly use this to cause a denial of service or execute arbitrary code when a maliciously     crafted file is opened. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS.
    (CVE-2025-14425)

    It was discovered that GIMP's PSP parser erroneously queried the color channels of a greyscale image,     which resulted in an invalid memory pointer. An attacker could possibly use this to cause a denial of     service or execute arbitrary code when a maliciously-crafted file is opened. This issue only affected     Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15059)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0383 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2025-2761:
    GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows     remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required     to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper     validation of user-supplied data, which can result in a write past the end of an allocated buffer. An     attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-     CAN-25100.

    CVE-2025-2760:
    GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows     remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required     to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

    The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper     validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An     attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-     CAN-25082.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4342 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4342-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Sylvain Beucler     October 22, 2025                              https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : gimp     Version        : 2.10.22-4+deb11u3     CVE ID         : CVE-2025-2760 CVE-2025-2761 CVE-2025-5473 CVE-2025-6035                      CVE-2025-10922 CVE-2025-48797 CVE-2025-48798     Debian Bug     : 1105005 1107758 1116459

    Several vulnerabilities were discovered in GIMP, the GNU Image     Manipulation Program, which could result in denial of service or     potentially the execution of arbitrary code if malformed DDS, FLI,     ICO, DICOM, TGA or XCF images are opened, or when using the Despeckle     plug-in on a very large image.

    CVE-2025-2760

        GIMP XWD File Parsing Integer Overflow Remote Code Execution         Vulnerability. The specific flaw exists within the parsing of XWD         files. The issue results from the lack of proper validation of         user-supplied data, which can result in an integer overflow before         allocating a buffer. An attacker can leverage this vulnerability         to execute code in the context of the current process. Was         ZDI-CAN-25082.

    CVE-2025-2761

        GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution         Vulnerability. The specific flaw exists within the parsing of FLI         files. The issue results from the lack of proper validation of         user-supplied data, which can result in a write past the end of an         allocated buffer. An attacker can leverage this vulnerability to         execute code in the context of the current process. Was         ZDI-CAN-25100.

    CVE-2025-5473

        GIMP ICO File Parsing Integer Overflow Remote Code Execution         Vulnerability. The specific flaw exists within the parsing of ICO         files. The issue results from the lack of proper validation of         user-supplied data, which can result in an integer overflow before         writing to memory. An attacker can leverage this vulnerability to         execute code in the context of the current process. Was         ZDI-CAN-26752.

    CVE-2025-6035

        An integer overflow vulnerability exists in the GIMP Despeckle         plug-in. The issue occurs due to unchecked multiplication of image         dimensions, such as width, height, and bytes-per-pixel (img_bpp),         which can result in allocating insufficient memory and         subsequently performing out-of-bounds writes. This issue could         lead to heap corruption, a potential denial of service (DoS), or         arbitrary code execution in certain scenarios.

    CVE-2025-10922

        ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow         Remote Code Execution Vulnerability

    CVE-2025-48797

        Flaw when processing certain TGA image files. If a user opens one         of these image files that has been specially crafted by an         attacker, GIMP can be tricked into making serious memory errors,         potentially leading to crashes and causing a heap buffer overflow.

    CVE-2025-48798

        Flaw when processing XCF image files. If a user opens one of these         image files that has been specially crafted by an attacker, GIMP         can be tricked into making serious memory errors, potentially         leading to crashes and causing use-after-free issues.

    For Debian 11 bullseye, these problems have been fixed in version     2.10.22-4+deb11u3.

    We recommend that you upgrade your gimp packages.

    For the detailed security status of gimp please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/gimp

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5939 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5939-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     June 06, 2025                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : gimp     CVE ID         : CVE-2025-2760 CVE-2025-2761 CVE-2025-48797 CVE-2025-48798

    Several vulnerabilities were discovered in GIMP, the GNU Image     Manipulation Program, which could result in denial of service or     potentially the execution of arbitrary code if malformed XCF, TGA, DDS,     FLI or ICO files are opened.

    For the stable distribution (bookworm), these problems have been fixed in     version 2.10.34-1+deb12u3.

    We recommend that you upgrade your gimp packages.

    For the detailed security status of gimp please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/gimp

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01571-1 advisory.

    - CVE-2025-2761: unvalidated user input in FLI file parsing may lead to an out-of-bounds write     (bsc#1241691).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the dc99c67a-3fc9-11f0-a39d-b42e991fc52e advisory.

    zdi-disclosures@trendmicro.com reports:
    GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution             Vulnerability.  This vulnerability allows remote attackers to execute             arbitrary code on affected installations of GIMP.  User interaction             is required to exploit this vulnerability in that the target must             visit a malicious page or open a malicious file.
            The specific flaw exists within the parsing of FLI files.  The issue             results from the lack of proper validation of user-supplied data,             which can result in a write past the end of an allocated buffer.
            An attacker can leverage this vulnerability to execute code in the             context of the current process.  Was ZDI-CAN-25100.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1571-1 advisory.

    - CVE-2025-2761: unvalidated user input in FLI file parsing may lead to an out-of-bounds write     (bsc#1241691).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:1546-1 advisory.

    - CVE-2025-2761: unvalidated user input in FLI file parsing may lead to an out-of-bounds write     (bsc#1241691).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
302286	Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gimp (UTSA-2026-006178)	Nessus	Unity Linux Local Security Checks	high
299909	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : GIMP vulnerabilities (USN-8057-1)	Nessus	Ubuntu Local Security Checks	high
276287	TencentOS Server 4: gimp (TSSA-2025:0383)	Nessus	Tencent Local Security Checks	high
271202	Debian dla-4342 : gimp - security update	Nessus	Debian Local Security Checks	high
237912	Debian dsa-5939 : gimp - security update	Nessus	Debian Local Security Checks	high
237895	SUSE SLED15 / SLES15 Security Update : gimp (SUSE-SU-2025:01571-1)	Nessus	SuSE Local Security Checks	high
237701	FreeBSD : Gimp -- GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (dc99c67a-3fc9-11f0-a39d-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	high
237082	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gimp (SUSE-SU-2025:1571-1)	Nessus	SuSE Local Security Checks	high
235926	SUSE SLES12 Security Update : gimp (SUSE-SU-2025:1546-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2025-2761

high

Tenable Plugins

high

high

high

high

high

high

high

high

high