ALSA-2025:9165

[ALSA-2025:9165] Important: gimp:2.8 security update

Type:

security

Severity:

important

Release date:

2025-06-30

Description:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.  

Security Fix(es):  

  * gimp: Multiple use after free in XCF parser (CVE-2025-48798)
  * gimp: Multiple heap buffer overflows in TGA parser (CVE-2025-48797)
  * gimp: GIMP ICO File Parsing Integer Overflow (CVE-2025-5473)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	gimp-libs-2.8.22-26.module_el8.10.0+4017+5eb23531.2.aarch64.rpm	2d98043de8654ceeb7b3ced2c0f850946a88166c49e385a8015f18dc4282d9f7
aarch64	gimp-devel-2.8.22-26.module_el8.10.0+4017+5eb23531.2.aarch64.rpm	3aeddf10cea8b82bb78bc8d2e6f65a75e480c4d0964c37415b5a32a1638dc930
aarch64	pygtk2-2.24.0-25.module_el8.9.0+3725+d1441900.aarch64.rpm	3b2ffb23dc24e83e10c83f4ccc075cc103fd56a2764b58524a1935394872ac76
aarch64	gimp-2.8.22-26.module_el8.10.0+4017+5eb23531.2.aarch64.rpm	538b8b18fd02730dee108294d4ff66cfafa6bab7e0e0ba709807a9cae9c67201
aarch64	pygtk2-codegen-2.24.0-25.module_el8.9.0+3725+d1441900.aarch64.rpm	540e9dde16c8fa7c18f9542b838001305955750fe85125fcd97ba750289b5cb0
aarch64	pygtk2-devel-2.24.0-25.module_el8.9.0+3725+d1441900.aarch64.rpm	6ef991da497a0c4d97d896c8f26b8eace58ac5c5a2ca40c2f000ee3a0b016851
aarch64	python2-cairo-devel-1.16.3-7.module_el8.10.0+3952+571e801c.aarch64.rpm	7373ab0536e4867321103f1af19017e1a428a9b763636d0902ba99246a31cf1c
aarch64	pygobject2-codegen-2.28.7-5.module_el8.10.0+3952+571e801c.aarch64.rpm	8369dd267a3fd53afe09b18547426a1bedc0b9c916f8e032a00250159a95dc50
aarch64	gimp-devel-tools-2.8.22-26.module_el8.10.0+4017+5eb23531.2.aarch64.rpm	8a9b66988d02c7cea9caed40e7c86f5bb45f26729f82c91beda4bb2f44326680
aarch64	pygobject2-devel-2.28.7-5.module_el8.10.0+3952+571e801c.aarch64.rpm	bc7516e9af4df7c753d13ca58f0c98bbd8d469a410b02bba15d072add5692880
aarch64	python2-cairo-1.16.3-7.module_el8.10.0+3952+571e801c.aarch64.rpm	d140bb170981c279bed8331a3bbd9d9f2d53341292aee19a2fb49c0de12c57bf
aarch64	pygobject2-doc-2.28.7-5.module_el8.10.0+3952+571e801c.aarch64.rpm	ea5d7441ab1cba43c394c5c3d55569855f99e1f7625695202a87d2694e679e7a
aarch64	pygobject2-2.28.7-5.module_el8.10.0+3952+571e801c.aarch64.rpm	f8a6848c52c9795110a6316831694c7cc7929bf5d3811e81d0a37cfd8ea77902
noarch	pygtk2-doc-2.24.0-25.module_el8.9.0+3725+d1441900.noarch.rpm	bec32577bca5233d67a34af1ef0ae0d1ca15f8896607b22d94cc18d8d4c93d70
ppc64le	gimp-devel-2.8.22-26.module_el8.10.0+4017+5eb23531.2.ppc64le.rpm	168c7d98339f203c638e8f95f2b380e32cbd671ef869727e5d919223b4a0c61a
ppc64le	python2-cairo-1.16.3-7.module_el8.10.0+3952+571e801c.ppc64le.rpm	3922bdac339ed853759cfc9bdb5208ce120694bcbd3ba6b91aa296b29518e1a7
ppc64le	pygtk2-devel-2.24.0-25.module_el8.9.0+3725+d1441900.ppc64le.rpm	400bfe9b8ecc094297226eeab20bf88f02344beb51ec20496ddd8cfe6d138b0e
ppc64le	pygtk2-codegen-2.24.0-25.module_el8.9.0+3725+d1441900.ppc64le.rpm	50de78cdd9a7eb9d765416ef8b6025d0212b9f400834b8309ebacedc54f59186
ppc64le	pygobject2-codegen-2.28.7-5.module_el8.10.0+3952+571e801c.ppc64le.rpm	5296203f8bb1d8aef5ffb7b68af79e25f062e5996049f43cb4d1928c21ba908e
ppc64le	gimp-libs-2.8.22-26.module_el8.10.0+4017+5eb23531.2.ppc64le.rpm	5baacb1bb2247e8d82ad9aca07fc257814d2055f7d9a21095cf32a450b71168f
ppc64le	pygobject2-2.28.7-5.module_el8.10.0+3952+571e801c.ppc64le.rpm	612f77458d539550a328a96283cdcaff2486c3375b692cba14f6ddf304e54607
ppc64le	pygtk2-2.24.0-25.module_el8.9.0+3725+d1441900.ppc64le.rpm	6ffbf1d5a9ac7e89910005c28ad62626a281d20ff5b3c2b7d192e996eaedff85
ppc64le	python2-cairo-devel-1.16.3-7.module_el8.10.0+3952+571e801c.ppc64le.rpm	8d4fb54a3d197c96246a409f0f79b94609472c2e041fc752ec981658623279d6
ppc64le	pygobject2-doc-2.28.7-5.module_el8.10.0+3952+571e801c.ppc64le.rpm	91acf43f5d375c880855f4d716949337254c85a740ddc7275d887acb887a249a
ppc64le	gimp-devel-tools-2.8.22-26.module_el8.10.0+4017+5eb23531.2.ppc64le.rpm	bf30e89ad2912ce2becbe82e998c6f6f2b5bbb58d258b25674290f6efcb363bd
ppc64le	pygobject2-devel-2.28.7-5.module_el8.10.0+3952+571e801c.ppc64le.rpm	f909ac9d4fea6fa3f0642c9cc594592276b1c7e9f0e214f7ae719b577d88558d
ppc64le	gimp-2.8.22-26.module_el8.10.0+4017+5eb23531.2.ppc64le.rpm	fff225e8566a1c8655ecbb77fd754969e050c4e40de31570639028d0885e772b
s390x	gimp-devel-tools-2.8.22-26.module_el8.10.0+4017+5eb23531.2.s390x.rpm	081966b15c26d51974902ec2972d3f45e6d51ad9af3df8bb3de4a2992d3cfe17
s390x	pygobject2-codegen-2.28.7-5.module_el8.10.0+3952+571e801c.s390x.rpm	1a42f4acacfe6991c3ea72ee10bdbe8bb963fe6e94e725c0c6cc5162d35f2e55
s390x	gimp-devel-2.8.22-26.module_el8.10.0+4017+5eb23531.2.s390x.rpm	2c1bc5f49fb290f93d3e800ffb3794ae51be837134bcd2d28aed49048c63b772
s390x	pygtk2-devel-2.24.0-25.module_el8.9.0+3725+d1441900.s390x.rpm	42ea8b58abfff83cebc7a09a7f6f264b168a95782decbb03b4fcfef37fd7c062
s390x	pygtk2-2.24.0-25.module_el8.9.0+3725+d1441900.s390x.rpm	43c790ef899908821a64cfad4af33097d1a9d9351a75d63d45e4363e0d91eec8
s390x	pygobject2-doc-2.28.7-5.module_el8.10.0+3952+571e801c.s390x.rpm	5104a2191c14aaf70d6f3d9ebf6374c054a182a2a7b0f63f32c1adc918ad4111
s390x	gimp-libs-2.8.22-26.module_el8.10.0+4017+5eb23531.2.s390x.rpm	6b19084908412ed030cec167261d0b9e5f1247fc5bfdf934785076b925e0cff4
s390x	pygobject2-devel-2.28.7-5.module_el8.10.0+3952+571e801c.s390x.rpm	753e845a487e2072a62bfa272332266761c207df3360102c42900695a0fe3d32
s390x	pygtk2-codegen-2.24.0-25.module_el8.9.0+3725+d1441900.s390x.rpm	91402fea22feef9d15400358a93ae5d2ff0b95b332edfbae2245ac5846848476
s390x	pygobject2-2.28.7-5.module_el8.10.0+3952+571e801c.s390x.rpm	d9c541afe98fa2f9c4fb770991f7c15dae66b0b36616ff2b94ae7c824b1b0e84
s390x	python2-cairo-1.16.3-7.module_el8.10.0+3952+571e801c.s390x.rpm	e015ce54a4c31a35c21aa3d77fd6d10674ff10a9058f1dd194a9167328d8a0d9
s390x	python2-cairo-devel-1.16.3-7.module_el8.10.0+3952+571e801c.s390x.rpm	ecc0dda98450cefa8281d354f444d8e91876cc91f2cf6c8fd8ecf460a4dbdc8b
s390x	gimp-2.8.22-26.module_el8.10.0+4017+5eb23531.2.s390x.rpm	f220494abcd0c4fb304937f042d2bf9d1ee3c55d16dcdb15b5a4757f95161bfa
x86_64	pygobject2-codegen-2.28.7-5.module_el8.10.0+3952+571e801c.x86_64.rpm	1bcfd78f679150a1396a88383f3354d767895afd8b982c21a404dcf5386d2d5e
x86_64	gimp-devel-2.8.22-26.module_el8.10.0+4017+5eb23531.2.x86_64.rpm	2284233b9ed0447568ca16035bd060fcde3fd5b0289a99230719960e4974045e
x86_64	pygtk2-devel-2.24.0-25.module_el8.9.0+3725+d1441900.x86_64.rpm	2f4d1ad704a236fdf89e2a91bad27c1290cc018d37a94b535bfe9b56d51393b8
x86_64	gimp-libs-2.8.22-26.module_el8.10.0+4017+5eb23531.2.x86_64.rpm	36ef2cbad587448fa082b9f7c738ccc8ea1ac66536de01659e5a41b7ace9116d
x86_64	gimp-devel-tools-2.8.22-26.module_el8.10.0+4017+5eb23531.2.x86_64.rpm	46367f6cf290e402d9f8e524629aacb8ed14d41921587df7a0202eb6ecd63770
x86_64	python2-cairo-1.16.3-7.module_el8.10.0+3952+571e801c.x86_64.rpm	60d3e106bcf1c2e871462cd99c86804b60a4611aae264c80e464cfb6b8c4d990
x86_64	python2-cairo-devel-1.16.3-7.module_el8.10.0+3952+571e801c.x86_64.rpm	b41622e2c38449e82ade474cefe222d04355d7108cd5634e05feeb2f861f6895
x86_64	pygtk2-2.24.0-25.module_el8.9.0+3725+d1441900.x86_64.rpm	c31a1d5dc208ac6b26e5a44000795e1e773e1e95a479c0529997765ba24fdcff
x86_64	pygobject2-devel-2.28.7-5.module_el8.10.0+3952+571e801c.x86_64.rpm	d5feeacb1114c9289b66e927700575ce8cb55214bb41474b0ca9a896a0ca9841
x86_64	pygtk2-codegen-2.24.0-25.module_el8.9.0+3725+d1441900.x86_64.rpm	e091c6387576c98a524580d77825cb438dc432a85725b99800ce9d147fe93ba6
x86_64	pygobject2-doc-2.28.7-5.module_el8.10.0+3952+571e801c.x86_64.rpm	e20cd80d4022867779dbb1a5bbb8dd9805289a90a79f95b709052da44108d977
x86_64	gimp-2.8.22-26.module_el8.10.0+4017+5eb23531.2.x86_64.rpm	efec89e2578ea31399e0f9dce72c607d39a63fc098dfff432f45b3aa083efd7a
x86_64	pygobject2-2.28.7-5.module_el8.10.0+3952+571e801c.x86_64.rpm	fa3c7b63392769798cb37548395651bb5cbfd279c28d5415eaae15f33ef5c219

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.