Updated gimp packages fix security vulnerabilities
Publication date: 17 Jan 2026
Modification date: 17 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-2760, CVE-2025-2761, CVE-2025-48797, CVE-2025-48798, CVE-2025-10934, CVE-2025-14422, CVE-2025-14425
Description
- XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. (CVE-2025-2760)
- FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. (CVE-2025-2761)
- Multiple heap buffer overflows in the TGA parser. (CVE-2025-48797)
- Multiple use-after-free bugs in the XCF parser. (CVE-2025-48798)
- XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-10934)
- PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. (CVE-2025-14422)
- JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-14425)
References
- https://bugs.mageia.org/show_bug.cgi?id=34363
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DVVZTOVQSBY5ON5P7HYQIXK2OLMSUEH5/
- https://lists.debian.org/debian-lts-announce/2025/11/msg00005.html
- https://lists.debian.org/debian-security-announce/2025/msg00103.html
- https://lists.debian.org/debian-security-announce/2026/msg00001.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2761
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48797
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10934
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14422
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14425
SRPMS
9/core
- gimp-2.10.36-1.1.mga9