| Package | gimp |
|---|---|
| Version | 2.8.18-1+deb9u8 (stretch), 2.10.8-2+deb10u7 (buster) |
| Related CVEs | CVE-2026-2239 CVE-2026-2271 CVE-2026-2272 |
Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed PSD, PSP or ICO files are opened.
For Debian 10 buster, these problems have been fixed in version 2.10.8-2+deb10u7.
For Debian 9 stretch, these problems have been fixed in version 2.8.18-1+deb9u8.
We recommend that you upgrade your gimp packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.