[SECURITY] [DSA 6043-1] gimp security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6043-1] gimp security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 28 Oct 2025 19:36:32 +0000
Message-id: <[🔎] aQEbQD29OKjEUfnl@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6043-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 28, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gimp
CVE ID         : CVE-2025-2760 CVE-2025-6035 CVE-2025-10922

Several vulnerabilities were discovered in GIMP, the GNU Image
Manipulation Program, which could result in denial of service or
potentially the execution of arbitrary code if malformed DICOM or DDS
images are opened.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2.10.34-1+deb12u4.

We recommend that you upgrade your gimp packages.

For the detailed security status of gimp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gimp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmkBGXoACgkQEMKTtsN8
TjZFFxAAv0tkoauT1PziNKZ2Ln1vuZjYJcfUo9NqyICLCOfWn7OnEo5yjZ5HuKw+
R866SP4dVa6gBQ5NTNhiWn8hAjof4kd3HslrFzBMyi9ImLLYlndquvLYgTny20zH
3CqSDgHmEGVKv+48BoO8L+R0uqxE4cbJzKNti/yTH0//iuuQ/e6gkPYwKDxTORdf
QfJGFsFLfQGYy+NMouaeP5tU8AnhUpjBXYtWwyS52OCosAG30xGP2O+WAdJgDxst
pBsufZQCi2RwwvrSO7jqcd3GU0M9PK0g46tbeCBIL37tBSc2xw0HvCRvR6o3vSeI
csHdVPhljTm/czAfuapx1zPpYz6ZhRNKODMX5vAFdlyR+5KG0SSo/0Ain/exnd/a
XuwbShIqNVvV+8WIU3ODfmE6Pdh0fq6KYdzbuMmZBbHybeKMuMC2MOiUY9VU4bT8
TQ4XckyuFPYWRV49ujKC3x5cQ3eOiA93VyL8HcRiIj8mXpiI0kyhei0WdH90BOdb
Zrnkb0EM3uMd5UkYXEWVn+fzgQnW0Sa9PCa9wt7oDd4ql4p7W+kEXcX0LXC5xdKK
2QEzHATjQ7HrUjc4+oopetzTmtOwLpmbWoN05ZKNs2LQ17/fyDloFGjEZnqA6Cfa
qxBW7XiLv3ELcxzR++oUuu1sPCbW8TFsLseTh1Du7U2lxKibjV0=
=KlCK
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6042-1] webkit2gtk security update
Next by Date: [SECURITY] [DSA 6044-1] xorg-server security update
Previous by thread: [SECURITY] [DSA 6042-1] webkit2gtk security update
Next by thread: [SECURITY] [DSA 6044-1] xorg-server security update
Index(es):
- Date
- Thread