Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-4150

created 20 hours ago

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28807.

References

ZDI-26-217 x_research-advisory
vendor-provided URL vendor-advisory

Affected products

GIMP

==3.0.8

Matching in nixpkgs

pkgs.gimp

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp3

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.zigimports

Automatically remove unused imports and globals from Zig files

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.gimpPlugins.gimp

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimpPlugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp-with-plugins

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2Plugins.bimp

Batch Image Manipulation Plugin for GIMP

nixos-unstable 2.6
- nixpkgs-unstable 2.6
- nixos-unstable-small 2.6
nixos-25.11 2.6
- nixos-25.11-small 2.6
- nixpkgs-25.11-darwin 2.6

pkgs.gimp2Plugins.gimp

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp2Plugins.gmic

GIMP plugin for the G'MIC image processing framework

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.11 3.5.0
- nixos-25.11-small 3.5.0
- nixpkgs-25.11-darwin 3.5.0

pkgs.gimp2-with-plugins

GNU Image Manipulation Program

nixos-unstable 2.10.38
- nixpkgs-unstable 2.10.38
- nixos-unstable-small 2.10.38
nixos-25.11 2.10.38
- nixos-25.11-small 2.10.38
- nixpkgs-25.11-darwin 2.10.38

pkgs.gimp3-with-plugins

GNU Image Manipulation Program

nixos-unstable 3.0.8
- nixpkgs-unstable 3.0.8
- nixos-unstable-small 3.0.8
nixos-25.11 3.0.4
- nixos-25.11-small 3.0.4
- nixpkgs-25.11-darwin 3.0.4

pkgs.gimp2Plugins.fourier

GIMP plug-in to do the fourier transform

nixos-unstable 0.4.3
- nixpkgs-unstable 0.4.3
- nixos-unstable-small 0.4.3
nixos-25.11 0.4.3
- nixos-25.11-small 0.4.3
- nixpkgs-25.11-darwin 0.4.3

pkgs.gimp2Plugins.farbfeld

Gimp plug-in for the farbfeld image format

nixos-unstable 2019-08-12
- nixpkgs-unstable 2019-08-12
- nixos-unstable-small 2019-08-12
nixos-25.11 2019-08-12
- nixos-25.11-small 2019-08-12
- nixpkgs-25.11-darwin 2019-08-12

pkgs.gimpPlugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.gimp2Plugins.lightning

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.gimp2Plugins.lqrPlugin

None

nixos-unstable 0.7.2
- nixpkgs-unstable 0.7.2
- nixos-unstable-small 0.7.2
nixos-25.11 0.7.2
- nixos-25.11-small 0.7.2
- nixpkgs-25.11-darwin 0.7.2

pkgs.gimp2Plugins.texturize

None

nixos-unstable 2.2+unstable=2021-12-03
- nixpkgs-unstable 2.2+unstable=2021-12-03
- nixos-unstable-small 2.2+unstable=2021-12-03
nixos-25.11 2.2+unstable=2021-12-03
- nixos-25.11-small 2.2+unstable=2021-12-03
- nixpkgs-25.11-darwin 2.2+unstable=2021-12-03

pkgs.gimp2Plugins.gimplensfun

GIMP plugin to correct lens distortion using the lensfun library and database

nixos-unstable 2018-10-21
- nixpkgs-unstable 2018-10-21
- nixos-unstable-small 2018-10-21
nixos-25.11 2018-10-21
- nixos-25.11-small 2018-10-21
- nixpkgs-25.11-darwin 2018-10-21

pkgs.gimpPlugins.resynthesizer

Suite of gimp plugins for texture synthesis

nixos-unstable 3.0
- nixpkgs-unstable 3.0
- nixos-unstable-small 3.0
nixos-25.11 3.0
- nixos-25.11-small 3.0
- nixpkgs-25.11-darwin 3.0

pkgs.gimp2Plugins.waveletSharpen

None

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@jmbaur Jared Baur <jaredbaur@fastmail.com>