[SECURITY] [DSA 6014-1] gimp security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6014-1] gimp security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 28 Sep 2025 14:55:49 +0000
Message-id: <[🔎] aNlMdXlrv4liZeOH@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6014-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 28, 2025                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gimp
CVE ID         : CVE-2025-10920 CVE-2025-10922 CVE-2025-10923 CVE-2025-10924

Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed Farbfeld,
Wireless Bitmap, DICOM or Apple Icon images are opened.

For the stable distribution (trixie), these problems have been fixed in
version 3.0.4-3+deb13u1.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjZSvkACgkQEMKTtsN8
TjZRPw/9G3TBaaoPmvHMvcs0ZOUbr+C2n4BTIiMabGONj8IMNQxF9MeIk5zPsMRm
Avk1o4gzQT3rf90S4Rtetv12ITkRarIt4ZfnYDewJqyP6VFA/sCYat41JPKxOT2I
R7z1VNtTfqd3GzI++ASXByfP2L11EW0K0vqQCwYF85V5Z7vsdVDsMv13KGNXRua5
0C9VvQ23zGnnOK3RyYapPGzyTFiS3Y+x+g5+0MOphNJY9PYlhDeohCPP7u/yuy/M
jXQfMkiRgdTCgyMhMf2nqF6jvnbyz9WtY00rWc1yajWfxKSNyViQUCfzzCq1qwlu
/zKh0u0RooeqGzxByQ84uu7OEqD72n9iW46y/anS5+nMoIILcq9EQdhY02a2p2gH
3/0LQ342B4ew4F6wx/iIlGMXdcaVt1A+gkC0hVP4T8s3hWTGnwoCmNz7DQd9m18w
RxgyqlUnYRa7/BoVacw3ypGURUOSU0vZLsYYczAZwMlSByfnaB1IWp6F2RRnwP5p
nHtjqM4a0AZgUqghPI3j6TDQGjmd/3BhYb5wXJf2BcCLjIW+qo2wsuHte/kmjxoY
9j/kzuBGrXysg7droDhEFfKs3XaKBPtHCQYCKFndGa8KNohy4vbnfCLpZg0omthl
Cend0SL981VBdP0nsP5PoHdjh/xzKnouQxH7pTu8ZeLSUdyfSNc=
=hK5f
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6013-1] node-tar-fs security update
Previous by thread: [SECURITY] [DSA 6013-1] node-tar-fs security update
Index(es):
- Date
- Thread