NIXPKGS-2026-0777

GitHub issue published on 27 Mar 2026

Permalink CVE-2026-2239

2.8 LOW

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): LOW

updated 1 day ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 9 hours ago
@LeSuisse removed
28 packages
- zigimports
- gimpPlugins.bimp
- gimpPlugins.gimp
- gimpPlugins.gmic
- gimp-with-plugins
- gimp2Plugins.bimp
- gimp2Plugins.gimp
- gimp2Plugins.gmic
- gimp3Plugins.gimp
- gimp3Plugins.gmic
- gimp2-with-plugins
- gimp3-with-plugins
- gimpPlugins.fourier
- gimp2Plugins.fourier
- gimpPlugins.farbfeld
- gimp2Plugins.farbfeld
- gimpPlugins.lightning
- gimpPlugins.lqrPlugin
- gimpPlugins.texturize
- gimp2Plugins.lightning
- gimp2Plugins.lqrPlugin
- gimp2Plugins.texturize
- gimp3Plugins.lightning
- gimpPlugins.gimplensfun
- gimp2Plugins.gimplensfun
- gimpPlugins.resynthesizer
- gimpPlugins.waveletSharpen
- gimp2Plugins.waveletSharpen
1 day ago
@LeSuisse accepted 1 day ago
@LeSuisse published on GitHub 1 day ago

Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.

References

https://access.redhat.com/security/cve/CVE-2026-2239 x_refsource_REDHAT vdb-entry
RHBZ#2437675 issue-tracking x_refsource_REDHAT
https://gitlab.gnome.org/GNOME/gimp/-/issues/15812

Affected products

gimp

gimp:2.8/gimp

Matching in nixpkgs

pkgs.gimp

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp3

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

Ignored packages (28)

pkgs.zigimports

Automatically remove unused imports and globals from Zig files

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.gimpPlugins.bimp

Batch Image Manipulation Plugin for GIMP

pkgs.gimpPlugins.gimp

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimpPlugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp-with-plugins

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2Plugins.bimp

Batch Image Manipulation Plugin for GIMP

nixos-unstable 2.6
- nixpkgs-unstable 2.6
- nixos-unstable-small 2.6
nixos-25.11 2.6
- nixos-25.11-small 2.6
- nixpkgs-25.11-darwin 2.6

pkgs.gimp2Plugins.gimp

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp2Plugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp3Plugins.gimp

GNU Image Manipulation Program

pkgs.gimp3Plugins.gmic

GIMP plugin for the G'MIC image processing framework

pkgs.gimp2-with-plugins

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp3-with-plugins

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimpPlugins.fourier

GIMP plug-in to do the fourier transform

pkgs.gimp2Plugins.fourier

GIMP plug-in to do the fourier transform

nixos-unstable 0.4.3
- nixpkgs-unstable 0.4.3
- nixos-unstable-small 0.4.3
nixos-25.11 0.4.3
- nixos-25.11-small 0.4.3
- nixpkgs-25.11-darwin 0.4.3

pkgs.gimpPlugins.farbfeld

Gimp plug-in for the farbfeld image format

pkgs.gimp2Plugins.farbfeld

Gimp plug-in for the farbfeld image format

nixos-unstable 2019-08-12
- nixpkgs-unstable 2019-08-12
- nixos-unstable-small 2019-08-12
nixos-25.11 2019-08-12
- nixos-25.11-small 2019-08-12
- nixpkgs-25.11-darwin 2019-08-12

pkgs.gimpPlugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.gimpPlugins.lqrPlugin

None

pkgs.gimpPlugins.texturize

None

pkgs.gimp2Plugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.gimp2Plugins.lqrPlugin

None

nixos-unstable 0.7.2
- nixpkgs-unstable 0.7.2
- nixos-unstable-small 0.7.2
nixos-25.11 0.7.2
- nixos-25.11-small 0.7.2
- nixpkgs-25.11-darwin 0.7.2

pkgs.gimp2Plugins.texturize

None

nixos-unstable 2.2+unstable=2021-12-03
- nixpkgs-unstable 2.2+unstable=2021-12-03
- nixos-unstable-small 2.2+unstable=2021-12-03
nixos-25.11 2.2+unstable=2021-12-03
- nixos-25.11-small 2.2+unstable=2021-12-03
- nixpkgs-25.11-darwin 2.2+unstable=2021-12-03

pkgs.gimp3Plugins.lightning

None

pkgs.gimpPlugins.gimplensfun

GIMP plugin to correct lens distortion using the lensfun library and database

pkgs.gimp2Plugins.gimplensfun

GIMP plugin to correct lens distortion using the lensfun library and database

nixos-unstable 2018-10-21
- nixpkgs-unstable 2018-10-21
- nixos-unstable-small 2018-10-21
nixos-25.11 2018-10-21
- nixos-25.11-small 2018-10-21
- nixpkgs-25.11-darwin 2018-10-21

pkgs.gimpPlugins.resynthesizer

None

nixos-unstable 3.0
- nixpkgs-unstable 3.0
- nixos-unstable-small 3.0
nixos-25.11 3.0
- nixos-25.11-small 3.0
- nixpkgs-25.11-darwin 3.0

pkgs.gimpPlugins.waveletSharpen

None

pkgs.gimp2Plugins.waveletSharpen

None

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>

Upstream issue: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0777

References

Affected products

Matching in nixpkgs

pkgs.gimp

pkgs.gimp2

pkgs.gimp3

pkgs.zigimports

pkgs.gimpPlugins.bimp

pkgs.gimpPlugins.gimp

pkgs.gimpPlugins.gmic

pkgs.gimp-with-plugins

pkgs.gimp2Plugins.bimp

pkgs.gimp2Plugins.gimp

pkgs.gimp2Plugins.gmic

pkgs.gimp3Plugins.gimp

pkgs.gimp3Plugins.gmic

pkgs.gimp2-with-plugins

pkgs.gimp3-with-plugins

pkgs.gimpPlugins.fourier

pkgs.gimp2Plugins.fourier

pkgs.gimpPlugins.farbfeld

pkgs.gimp2Plugins.farbfeld

pkgs.gimpPlugins.lightning

pkgs.gimpPlugins.lqrPlugin

pkgs.gimpPlugins.texturize

pkgs.gimp2Plugins.lightning

pkgs.gimp2Plugins.lqrPlugin

pkgs.gimp2Plugins.texturize

pkgs.gimp3Plugins.lightning

pkgs.gimpPlugins.gimplensfun

pkgs.gimp2Plugins.gimplensfun

pkgs.gimpPlugins.resynthesizer

pkgs.gimpPlugins.waveletSharpen

pkgs.gimp2Plugins.waveletSharpen

Package maintainers