Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-40915

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 2 weeks ago Activity log

Created suggestion 2 weeks ago

Gimp: gimp: heap buffer overflow due to integer overflow in fits image loader

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.

References

https://access.redhat.com/security/cve/CVE-2026-40915 vdb-entryx_refsource_REDHAT
RHBZ#2458744 issue-trackingx_refsource_REDHAT

Affected products

gimp

gimp:2.8/gimp

Matching in nixpkgs

pkgs.gimp

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp3

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.zigimports

Automatically remove unused imports and globals from Zig files

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.gimpPlugins.gimp

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimpPlugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp-with-plugins

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2Plugins.bimp

Batch Image Manipulation Plugin for GIMP

nixos-unstable 2.6
- nixpkgs-unstable 2.6
- nixos-unstable-small 2.6
nixos-25.11 2.6
- nixos-25.11-small 2.6
- nixpkgs-25.11-darwin 2.6

pkgs.gimp2Plugins.gimp

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp2Plugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp2-with-plugins

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp3-with-plugins

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2Plugins.fourier

GIMP plug-in to do the fourier transform

nixos-unstable 0.4.3
- nixpkgs-unstable 0.4.3
- nixos-unstable-small 0.4.3
nixos-25.11 0.4.3
- nixos-25.11-small 0.4.3
- nixpkgs-25.11-darwin 0.4.3

pkgs.gimp2Plugins.farbfeld

Gimp plug-in for the farbfeld image format

nixos-unstable 2019-08-12
- nixpkgs-unstable 2019-08-12
- nixos-unstable-small 2019-08-12
nixos-25.11 2019-08-12
- nixos-25.11-small 2019-08-12
- nixpkgs-25.11-darwin 2019-08-12

pkgs.gimpPlugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.gimp2Plugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.gimp2Plugins.lqrPlugin

None

nixos-unstable 0.7.2
- nixpkgs-unstable 0.7.2
- nixos-unstable-small 0.7.2
nixos-25.11 0.7.2
- nixos-25.11-small 0.7.2
- nixpkgs-25.11-darwin 0.7.2

pkgs.gimp2Plugins.texturize

None

nixos-unstable 2.2+unstable=2021-12-03
- nixpkgs-unstable 2.2+unstable=2021-12-03
- nixos-unstable-small 2.2+unstable=2021-12-03
nixos-25.11 2.2+unstable=2021-12-03
- nixos-25.11-small 2.2+unstable=2021-12-03
- nixpkgs-25.11-darwin 2.2+unstable=2021-12-03

pkgs.gimp2Plugins.gimplensfun

GIMP plugin to correct lens distortion using the lensfun library and database

nixos-unstable 2018-10-21
- nixpkgs-unstable 2018-10-21
- nixos-unstable-small 2018-10-21
nixos-25.11 2018-10-21
- nixos-25.11-small 2018-10-21
- nixpkgs-25.11-darwin 2018-10-21

pkgs.gimpPlugins.resynthesizer

Suite of gimp plugins for texture synthesis

nixos-unstable 3.0
- nixpkgs-unstable 3.0
- nixos-unstable-small 3.0
nixos-25.11 3.0
- nixos-25.11-small 3.0
- nixpkgs-25.11-darwin 3.0

pkgs.gimp2Plugins.waveletSharpen

None

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@jmbaur Jared Baur <jaredbaur@fastmail.com>