An update for gimp is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2641 Final 1.0 1.0 2025-11-07 Initial 2025-11-07 2025-11-07 openEuler SA Tool V1.0 2025-11-07 gimp security update An update for gimp is now available for openEuler-24.03-LTS-SP2 GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. It is free software, you can change its source code and distribute your changes. Whether you are a graphic designer, photographer, illustrator, or scientist, GIMP provides you with sophisticated tools to get your job done. You can further enhance your productivity with GIMP thanks to many customization options and 3rd party plugins. Security Fix(es): GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823.(CVE-2025-10934) An update for gimp is now available for openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High gimp https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2641 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10934 https://nvd.nist.gov/vuln/detail/CVE-2025-10934 openEuler-24.03-LTS-SP2 gimp-3.0.2-5.oe2403sp2.src.rpm gimp-3.0.2-5.oe2403sp2.x86_64.rpm gimp-debuginfo-3.0.2-5.oe2403sp2.x86_64.rpm gimp-debugsource-3.0.2-5.oe2403sp2.x86_64.rpm gimp-devel-3.0.2-5.oe2403sp2.x86_64.rpm gimp-extension-goat-excercises-3.0.2-5.oe2403sp2.x86_64.rpm gimp-libs-3.0.2-5.oe2403sp2.x86_64.rpm gimp-plugin-aa-3.0.2-5.oe2403sp2.x86_64.rpm gimp-plugin-python3-3.0.2-5.oe2403sp2.x86_64.rpm gimp-vala-3.0.2-5.oe2403sp2.x86_64.rpm gimp-3.0.2-5.oe2403sp2.aarch64.rpm gimp-debuginfo-3.0.2-5.oe2403sp2.aarch64.rpm gimp-debugsource-3.0.2-5.oe2403sp2.aarch64.rpm gimp-devel-3.0.2-5.oe2403sp2.aarch64.rpm gimp-extension-goat-excercises-3.0.2-5.oe2403sp2.aarch64.rpm gimp-libs-3.0.2-5.oe2403sp2.aarch64.rpm gimp-plugin-aa-3.0.2-5.oe2403sp2.aarch64.rpm gimp-plugin-python3-3.0.2-5.oe2403sp2.aarch64.rpm gimp-vala-3.0.2-5.oe2403sp2.aarch64.rpm GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823. 2025-11-07 CVE-2025-10934 openEuler-24.03-LTS-SP2 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H gimp security update 2025-11-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2641