Security update for gimp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0684-1 Final 1 1 2026-02-27T10:43:59Z current 2026-02-27T10:43:59Z 2026-02-27T10:43:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gimp This update for gimp fixes the following issues: - CVE-2026-2044: lack of proper initialization of memory can allow remote attackers to execute arbitrary code (bsc#1258532). - CVE-2026-2045: check offset in the colormap is valid before using it (bsc#1258533). - CVE-2026-2048: lack of proper validation of user-supplied data can allow remote attackers to execute arbitrary code (bsc#1258535). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-684,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-684,SUSE-SLE-Product-WE-15-SP7-2026-684,openSUSE-SLE-15.6-2026-684 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260684-1/ Link for SUSE-SU-2026:0684-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024492.html E-Mail link for SUSE-SU-2026:0684-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1258532 SUSE Bug 1258532 https://bugzilla.suse.com/1258533 SUSE Bug 1258533 https://bugzilla.suse.com/1258535 SUSE Bug 1258535 https://www.suse.com/security/cve/CVE-2025-10934/ SUSE CVE CVE-2025-10934 page https://www.suse.com/security/cve/CVE-2026-2044/ SUSE CVE CVE-2026-2044 page https://www.suse.com/security/cve/CVE-2026-2045/ SUSE CVE CVE-2026-2045 page https://www.suse.com/security/cve/CVE-2026-2048/ SUSE CVE CVE-2026-2048 page SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 openSUSE Leap 15.6 gimp-2.10.30-150400.3.47.1 gimp-devel-2.10.30-150400.3.47.1 gimp-lang-2.10.30-150400.3.47.1 gimp-plugin-aa-2.10.30-150400.3.47.1 libgimp-2_0-0-2.10.30-150400.3.47.1 libgimp-2_0-0-32bit-2.10.30-150400.3.47.1 libgimp-2_0-0-64bit-2.10.30-150400.3.47.1 libgimpui-2_0-0-2.10.30-150400.3.47.1 libgimpui-2_0-0-32bit-2.10.30-150400.3.47.1 libgimpui-2_0-0-64bit-2.10.30-150400.3.47.1 gimp-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 gimp-devel-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 gimp-lang-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 gimp-plugin-aa-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libgimp-2_0-0-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libgimpui-2_0-0-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 gimp-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 gimp-devel-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 gimp-lang-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 libgimp-2_0-0-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 libgimpui-2_0-0-2.10.30-150400.3.47.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 gimp-2.10.30-150400.3.47.1 as a component of openSUSE Leap 15.6 gimp-devel-2.10.30-150400.3.47.1 as a component of openSUSE Leap 15.6 gimp-lang-2.10.30-150400.3.47.1 as a component of openSUSE Leap 15.6 gimp-plugin-aa-2.10.30-150400.3.47.1 as a component of openSUSE Leap 15.6 libgimp-2_0-0-2.10.30-150400.3.47.1 as a component of openSUSE Leap 15.6 libgimp-2_0-0-32bit-2.10.30-150400.3.47.1 as a component of openSUSE Leap 15.6 libgimpui-2_0-0-2.10.30-150400.3.47.1 as a component of openSUSE Leap 15.6 libgimpui-2_0-0-32bit-2.10.30-150400.3.47.1 as a component of openSUSE Leap 15.6 GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823. CVE-2025-10934 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-devel-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-lang-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-plugin-aa-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgimp-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgimpui-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-devel-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-lang-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libgimp-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libgimpui-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-devel-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-lang-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-plugin-aa-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimp-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimp-2_0-0-32bit-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimpui-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimpui-2_0-0-32bit-2.10.30-150400.3.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260684-1/ https://www.suse.com/security/cve/CVE-2025-10934.html CVE-2025-10934 https://bugzilla.suse.com/1252886 SUSE Bug 1252886 GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28158. CVE-2026-2044 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-devel-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-lang-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-plugin-aa-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgimp-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgimpui-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-devel-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-lang-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libgimp-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libgimpui-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-devel-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-lang-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-plugin-aa-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimp-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimp-2_0-0-32bit-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimpui-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimpui-2_0-0-32bit-2.10.30-150400.3.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260684-1/ https://www.suse.com/security/cve/CVE-2026-2044.html CVE-2026-2044 https://bugzilla.suse.com/1258532 SUSE Bug 1258532 GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265. CVE-2026-2045 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-devel-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-lang-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-plugin-aa-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgimp-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgimpui-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-devel-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-lang-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libgimp-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libgimpui-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-devel-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-lang-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-plugin-aa-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimp-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimp-2_0-0-32bit-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimpui-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimpui-2_0-0-32bit-2.10.30-150400.3.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260684-1/ https://www.suse.com/security/cve/CVE-2026-2045.html CVE-2026-2045 https://bugzilla.suse.com/1258533 SUSE Bug 1258533 GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28591. CVE-2026-2048 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-devel-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-lang-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:gimp-plugin-aa-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgimp-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libgimpui-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-devel-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gimp-lang-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libgimp-2_0-0-2.10.30-150400.3.47.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libgimpui-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-devel-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-lang-2.10.30-150400.3.47.1 openSUSE Leap 15.6:gimp-plugin-aa-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimp-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimp-2_0-0-32bit-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimpui-2_0-0-2.10.30-150400.3.47.1 openSUSE Leap 15.6:libgimpui-2_0-0-32bit-2.10.30-150400.3.47.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260684-1/ https://www.suse.com/security/cve/CVE-2026-2048.html CVE-2026-2048 https://bugzilla.suse.com/1258535 SUSE Bug 1258535