Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-6035

6.6 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): HIGH

created 2 months, 3 weeks ago

Gimp: gimp integer overflow

A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.

References

https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html
https://access.redhat.com/security/cve/CVE-2025-6035 vdb-entryx_refsource_REDHAT
RHBZ#2372515 x_refsource_REDHATissue-tracking
https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html

Affected products

gimp

<3.0.4

gimp:2.8/gimp

Matching in nixpkgs

pkgs.zigimports

Automatically remove unused imports and globals from Zig files

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.gimpPlugins.bimp

Batch Image Manipulation Plugin for GIMP

nixos-unstable 2.6
- nixpkgs-unstable 2.6
- nixos-unstable-small 2.6

pkgs.gimpPlugins.gimp

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimpPlugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp-with-plugins

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38

pkgs.gimp2Plugins.bimp

Batch Image Manipulation Plugin for GIMP

nixos-25.11 2.6
- nixpkgs-25.11-darwin 2.6

pkgs.gimp2Plugins.gimp

GNU Image Manipulation Program

nixos-25.11 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp2Plugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-25.11 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp3Plugins.gimp

GNU Image Manipulation Program

nixos-unstable 3.0.4
- nixpkgs-unstable 3.0.4
- nixos-unstable-small 3.0.4

pkgs.gimp3Plugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0

pkgs.gimp2-with-plugins

GNU Image Manipulation Program

nixos-25.11 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp3-with-plugins

GNU Image Manipulation Program

nixos-unstable 3.0.4
- nixpkgs-unstable 3.0.4
- nixos-unstable-small 3.0.4
nixos-25.11 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimpPlugins.fourier

GIMP plug-in to do the fourier transform

nixos-unstable 0.4.3
- nixpkgs-unstable 0.4.3
- nixos-unstable-small 0.4.3

pkgs.gimp2Plugins.fourier

GIMP plug-in to do the fourier transform

nixos-25.11 0.4.3
- nixpkgs-25.11-darwin 0.4.3

pkgs.gimpPlugins.farbfeld

Gimp plug-in for the farbfeld image format

nixos-unstable 2019-08-12
- nixpkgs-unstable 2019-08-12
- nixos-unstable-small 2019-08-12

pkgs.gimp2Plugins.farbfeld

Gimp plug-in for the farbfeld image format

nixos-25.11 2019-08-12
- nixpkgs-25.11-darwin 2019-08-12

pkgs.gimpPlugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixpkgs-25.11-darwin

pkgs.gimpPlugins.lqrPlugin

None

nixos-unstable 0.7.2
- nixpkgs-unstable 0.7.2
- nixos-unstable-small 0.7.2

pkgs.gimpPlugins.texturize

None

nixos-unstable 2.2+unstable=2021-12-03
- nixpkgs-unstable 2.2+unstable=2021-12-03
- nixos-unstable-small 2.2+unstable=2021-12-03

pkgs.gimp2Plugins.lightning

None

nixos-25.11 -
- nixpkgs-25.11-darwin

pkgs.gimp2Plugins.lqrPlugin

None

nixos-25.11 0.7.2
- nixpkgs-25.11-darwin 0.7.2

pkgs.gimp2Plugins.texturize

None

nixos-25.11 2.2+unstable=2021-12-03
- nixpkgs-25.11-darwin 2.2+unstable=2021-12-03

pkgs.gimp3Plugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.gimpPlugins.gimplensfun

GIMP plugin to correct lens distortion using the lensfun library and database

nixos-unstable 2018-10-21
- nixpkgs-unstable 2018-10-21
- nixos-unstable-small 2018-10-21

pkgs.gimp2Plugins.gimplensfun

GIMP plugin to correct lens distortion using the lensfun library and database

nixos-25.11 2018-10-21
- nixpkgs-25.11-darwin 2018-10-21

pkgs.gimpPlugins.resynthesizer

None

nixos-unstable 2.0.3
- nixpkgs-unstable 2.0.3
- nixos-unstable-small 2.0.3
nixos-25.11 3.0
- nixpkgs-25.11-darwin 3.0

pkgs.gimpPlugins.waveletSharpen

None

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2

pkgs.gimp2Plugins.waveletSharpen

None

nixos-25.11 0.1.2
- nixpkgs-25.11-darwin 0.1.2

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@jmbaur Jared Baur <jaredbaur@fastmail.com>