NIXPKGS-2026-0318

GitHub issue published on 26 Feb 2026

Permalink CVE-2026-2048

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 1 week ago
@LeSuisse removed
28 packages
- zigimports
- gimpPlugins.bimp
- gimpPlugins.gimp
- gimpPlugins.gmic
- gimp-with-plugins
- gimp2Plugins.bimp
- gimp2Plugins.gimp
- gimp2Plugins.gmic
- gimp3Plugins.gimp
- gimp3Plugins.gmic
- gimp2-with-plugins
- gimp3-with-plugins
- gimpPlugins.fourier
- gimp2Plugins.fourier
- gimpPlugins.farbfeld
- gimp2Plugins.farbfeld
- gimpPlugins.lightning
- gimpPlugins.lqrPlugin
- gimpPlugins.texturize
- gimp2Plugins.lightning
- gimp2Plugins.lqrPlugin
- gimp2Plugins.texturize
- gimp3Plugins.lightning
- gimpPlugins.gimplensfun
- gimp2Plugins.gimplensfun
- gimpPlugins.resynthesizer
- gimpPlugins.waveletSharpen
- gimp2Plugins.waveletSharpen
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28591.

References

vendor-provided URL vendor-advisory
ZDI-26-121 x_research-advisory

Affected products

GIMP

==3.2.0-RC1

Matching in nixpkgs

pkgs.gimp

GNU Image Manipulation Program

nixos-unstable 3.0.6
- nixpkgs-unstable 3.0.6
- nixos-unstable-small 3.0.6
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp3

GNU Image Manipulation Program

nixos-unstable 3.0.6
- nixpkgs-unstable 3.0.6
- nixos-unstable-small 3.0.6
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

Ignored packages (28)

pkgs.zigimports

Automatically remove unused imports and globals from Zig files

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.gimpPlugins.bimp

Batch Image Manipulation Plugin for GIMP

pkgs.gimpPlugins.gimp

GNU Image Manipulation Program

nixos-unstable 3.0.6
- nixpkgs-unstable 3.0.6
- nixos-unstable-small 3.0.6
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimpPlugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp-with-plugins

GNU Image Manipulation Program

nixos-unstable 3.0.6
- nixpkgs-unstable 3.0.6
- nixos-unstable-small 3.0.6
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2Plugins.bimp

Batch Image Manipulation Plugin for GIMP

nixos-unstable 2.6
- nixpkgs-unstable 2.6
- nixos-unstable-small 2.6
nixos-25.11 2.6
- nixos-25.11-small 2.6
- nixpkgs-25.11-darwin 2.6

pkgs.gimp2Plugins.gimp

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp2Plugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp3Plugins.gimp

GNU Image Manipulation Program

pkgs.gimp3Plugins.gmic

GIMP plugin for the G'MIC image processing framework

pkgs.gimp2-with-plugins

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp3-with-plugins

GNU Image Manipulation Program

nixos-unstable 3.0.6
- nixpkgs-unstable 3.0.6
- nixos-unstable-small 3.0.6
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimpPlugins.fourier

GIMP plug-in to do the fourier transform

pkgs.gimp2Plugins.fourier

GIMP plug-in to do the fourier transform

nixos-unstable 0.4.3
- nixpkgs-unstable 0.4.3
- nixos-unstable-small 0.4.3
nixos-25.11 0.4.3
- nixos-25.11-small 0.4.3
- nixpkgs-25.11-darwin 0.4.3

pkgs.gimpPlugins.farbfeld

Gimp plug-in for the farbfeld image format

pkgs.gimp2Plugins.farbfeld

Gimp plug-in for the farbfeld image format

nixos-unstable 2019-08-12
- nixpkgs-unstable 2019-08-12
- nixos-unstable-small 2019-08-12
nixos-25.11 2019-08-12
- nixos-25.11-small 2019-08-12
- nixpkgs-25.11-darwin 2019-08-12

pkgs.gimpPlugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.gimpPlugins.lqrPlugin

None

pkgs.gimpPlugins.texturize

None

pkgs.gimp2Plugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.gimp2Plugins.lqrPlugin

None

nixos-unstable 0.7.2
- nixpkgs-unstable 0.7.2
- nixos-unstable-small 0.7.2
nixos-25.11 0.7.2
- nixos-25.11-small 0.7.2
- nixpkgs-25.11-darwin 0.7.2

pkgs.gimp2Plugins.texturize

None

nixos-unstable 2.2+unstable=2021-12-03
- nixpkgs-unstable 2.2+unstable=2021-12-03
- nixos-unstable-small 2.2+unstable=2021-12-03
nixos-25.11 2.2+unstable=2021-12-03
- nixos-25.11-small 2.2+unstable=2021-12-03
- nixpkgs-25.11-darwin 2.2+unstable=2021-12-03

pkgs.gimp3Plugins.lightning

None

pkgs.gimpPlugins.gimplensfun

GIMP plugin to correct lens distortion using the lensfun library and database

pkgs.gimp2Plugins.gimplensfun

GIMP plugin to correct lens distortion using the lensfun library and database

nixos-unstable 2018-10-21
- nixpkgs-unstable 2018-10-21
- nixos-unstable-small 2018-10-21
nixos-25.11 2018-10-21
- nixos-25.11-small 2018-10-21
- nixpkgs-25.11-darwin 2018-10-21

pkgs.gimpPlugins.resynthesizer

None

nixos-unstable 3.0
- nixpkgs-unstable 3.0
- nixos-unstable-small 3.0
nixos-25.11 3.0
- nixos-25.11-small 3.0
- nixpkgs-25.11-darwin 3.0

pkgs.gimpPlugins.waveletSharpen

None

pkgs.gimp2Plugins.waveletSharpen

None

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>

Upstream issue: https://gitlab.gnome.org/GNOME/gimp/-/issues/15554
Upstream patches:
* https://gitlab.gnome.org/GNOME/gimp/-/commit/57712677007793118388c5be6fb8231f22a2b341 (master)
* https://gitlab.gnome.org/GNOME/gimp/-/commit/fa69ac5ec5692f675de5c50a6df758f7d3e45117 (gimp-3-0)

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0318

References

Affected products

Matching in nixpkgs

pkgs.gimp

pkgs.gimp2

pkgs.gimp3

pkgs.zigimports

pkgs.gimpPlugins.bimp

pkgs.gimpPlugins.gimp

pkgs.gimpPlugins.gmic

pkgs.gimp-with-plugins

pkgs.gimp2Plugins.bimp

pkgs.gimp2Plugins.gimp

pkgs.gimp2Plugins.gmic

pkgs.gimp3Plugins.gimp

pkgs.gimp3Plugins.gmic

pkgs.gimp2-with-plugins

pkgs.gimp3-with-plugins

pkgs.gimpPlugins.fourier

pkgs.gimp2Plugins.fourier

pkgs.gimpPlugins.farbfeld

pkgs.gimp2Plugins.farbfeld

pkgs.gimpPlugins.lightning

pkgs.gimpPlugins.lqrPlugin

pkgs.gimpPlugins.texturize

pkgs.gimp2Plugins.lightning

pkgs.gimp2Plugins.lqrPlugin

pkgs.gimp2Plugins.texturize

pkgs.gimp3Plugins.lightning

pkgs.gimpPlugins.gimplensfun

pkgs.gimp2Plugins.gimplensfun

pkgs.gimpPlugins.resynthesizer

pkgs.gimpPlugins.waveletSharpen

pkgs.gimp2Plugins.waveletSharpen

Package maintainers