Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2026:1574

Опубликовано: 30 янв. 2026
Источник: rocky
Оценка: Important

Описание

Important: gimp:2.8 security update

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

  • gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
pygobject2x86_645.module+el8.10.0+1927+52edb5a0pygobject2-2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm
pygobject2-codegenx86_645.module+el8.10.0+1927+52edb5a0pygobject2-codegen-2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm
pygobject2-develx86_645.module+el8.10.0+1927+52edb5a0pygobject2-devel-2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm
pygobject2-docx86_645.module+el8.10.0+1927+52edb5a0pygobject2-doc-2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm
pygtk2x86_6425.module+el8.9.0+1723+9bc93544pygtk2-2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm
pygtk2-codegenx86_6425.module+el8.9.0+1723+9bc93544pygtk2-codegen-2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm
pygtk2-develx86_6425.module+el8.9.0+1723+9bc93544pygtk2-devel-2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm
pygtk2-docnoarch25.module+el8.9.0+1723+9bc93544pygtk2-doc-2.24.0-25.module+el8.9.0+1723+9bc93544.noarch.rpm
python2-cairox86_647.module+el8.10.0+1927+52edb5a0python2-cairo-1.16.3-7.module+el8.10.0+1927+52edb5a0.x86_64.rpm
python2-cairo-develx86_647.module+el8.10.0+1927+52edb5a0python2-cairo-devel-1.16.3-7.module+el8.10.0+1927+52edb5a0.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-14422

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-14422

CVSS3: 7.8
ubuntu
4 месяца назад

GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273.

redhat логотип

CVE-2025-14422

CVSS3: 7.8
redhat
4 месяца назад

GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273.

nvd логотип

CVE-2025-14422

CVSS3: 7.8
nvd
4 месяца назад

GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273.

debian логотип

CVE-2025-14422

CVSS3: 7.8
debian
4 месяца назад

GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerabi ...

redos логотип

ROS-20260224-73-0005

redos
около 1 месяца назад

Уязвимость gimp