| Package | gimp |
|---|---|
| Version | 2.8.18-1+deb9u6 (stretch), 2.10.8-2+deb10u5 (buster) |
| Related CVEs | CVE-2025-10934 |

GIMP, the GNU Image Manipulation Program, is vulnerable to a heap-based buffer overflow when parsing XWD files. The flaw allows remote attackers to execute arbitrary code on affected installations of GIMP; exploitation requires the target to visit a malicious page or open a malicious file.

For Debian 10 buster, this problem has been fixed in version 2.10.8-2+deb10u5.

For Debian 9 stretch, this problem has been fixed in version 2.8.18-1+deb9u6.

We recommend that you upgrade your gimp packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.