{"id":"ALSA-2025:22417","summary":"Important: gimp:2.8 security update","details":"The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.  \n\nSecurity Fix(es):  \n\n  * gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10922)\n  * gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2025-10920)\n  * gimp: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability (CVE-2025-10923)\n  * gimp: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10921)\n  * gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10925)\n  * gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability (CVE-2025-10924)\n  * gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10934)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-02-04T04:15:08.474474Z","published":"2025-12-01T00:00:00Z","related":["CVE-2025-10920","CVE-2025-10921","CVE-2025-10922","CVE-2025-10923","CVE-2025-10924","CVE-2025-10925","CVE-2025-10934"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:22417"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-10920"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-10921"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-10922"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-10923"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-10924"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-10925"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-10934"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2407188"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2407191"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2407192"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2407194"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2407199"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2407200"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2407233"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2025-22417.html"}],"affected":[{"package":{"name":"gimp","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/gimp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.8.22-26.module_el8.10.0+4070+64105a56.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"gimp-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/gimp-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.8.22-26.module_el8.10.0+4070+64105a56.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"gimp-devel-tools","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/gimp-devel-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.8.22-26.module_el8.10.0+4070+64105a56.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"gimp-libs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/gimp-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.8.22-26.module_el8.10.0+4070+64105a56.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"pygobject2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pygobject2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.28.7-5.module_el8.10.0+3952+571e801c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"pygobject2-codegen","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pygobject2-codegen"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.28.7-5.module_el8.10.0+3952+571e801c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"pygobject2-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pygobject2-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.28.7-5.module_el8.10.0+3952+571e801c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"pygobject2-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pygobject2-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.28.7-5.module_el8.10.0+3952+571e801c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"pygtk2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pygtk2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.24.0-25.module_el8.9.0+3725+d1441900"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"pygtk2-codegen","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pygtk2-codegen"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.24.0-25.module_el8.9.0+3725+d1441900"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"pygtk2-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pygtk2-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.24.0-25.module_el8.9.0+3725+d1441900"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"pygtk2-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/pygtk2-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.24.0-25.module_el8.9.0+3725+d1441900"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"python2-cairo","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-cairo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.3-7.module_el8.10.0+3952+571e801c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}},{"package":{"name":"python2-cairo-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-cairo-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.3-7.module_el8.10.0+3952+571e801c"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22417.json"}}],"schema_version":"1.7.3"}