PT-2023-9366 · Gimp+9 · Gimp+9

Michael Randrianantenaina

·

Published

2023-09-29

·

Updated

2025-08-14

·

CVE-2023-44442

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions GIMP (affected versions not specified)
Description This issue allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this issue to execute arbitrary code in the context of the current process.
Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

RCE

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

ALSA-2024:0675
ALSA-2024:0861
ALSA-2025:0746
ALSA-2025:3617
ALSA-2025:7417
BDU:2024-06921
CESA-2024_0861
CESA-2025_0746
CVE-2023-44442
DLA-3659-1
DSA-5564-1
INFSA-2024_0675
INFSA-2025_0746
INFSA-2025_3617
INFSA-2025_7417
MGASA-2023-0346
OESA-2023-1891
OESA-2023-1892
RHSA-2024:0675
RHSA-2024:0702
RHSA-2024:0716
RHSA-2024:0861
RHSA-2024:0862
RHSA-2024:0863
RHSA-2024:1007
RHSA-2024:10666
RHSA-2024:1327
RHSA-2024_0675
RHSA-2024_0861
RHSA-2025:0746
RHSA-2025:3617
RHSA-2025:3629
RHSA-2025:7417
RHSA-2025_0746
RHSA-2025_3617
RHSA-2025_7417
RLSA-2024:0675
RLSA-2024:0861
RLSA-2025:0746
SUSE-SU-2023:4692-1
SUSE-SU-2023:4697-1
SUSE-SU-2023_4697-1
USN-6521-1
ZDI-23-1594

Affected Products

Almalinux
Astra Linux
Centos
Gimp
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu