Security update: Malicious code attacks on GIMP possible

Attackers can target PCs with GIMP installed. However, victims must cooperate.


GIMP can encounter errors when processing certain file types. This can be an entry point for attackers to push and execute malicious code on computers. A secured version is available for download.

Security researchers from Trend Micro's Zero Day Initiative list the vulnerabilities on their portal. As indicated by several security advisories (CVE-2026-2044, CVE-2026-2045, CVE-2026-2047, CVE-2026-2048, each rated "high"), remote attackers can exploit the vulnerabilities for malicious code attacks. It is not clear from the entries whether all operating systems are threatened.

The errors occur when processing ICNS, PGM, or XWD files. This leads to memory errors and allows malicious code to get onto PCs. However, this does not happen easily: attackers must trick victims into opening a prepared file. Alternatively, attackers can offer prepared files for download on a website they control.

The security researchers' reports provide no indication that attackers are already exploiting the vulnerabilities. It also remains unclear which indicators can be used to identify systems that have already been attacked.

The Zero Day Initiative states that the security vulnerabilities were reported to the GIMP developers in November of last year. The advisories were only recently published. GIMP 3.0.8's changelog from the end of January this year indicates that the developers have resolved the security issues. Users should ensure they have at least this version installed.
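The version check recommended above can be scripted for a fleet of machines. The following is an added example, not part of the original article or the GIMP project; the function names are hypothetical, and it assumes `gimp --version` prints a line of the form "GNU Image Manipulation Program version X.Y.Z". Fields are compared numerically, because a plain string comparison would rank 3.0.10 below 3.0.8.

```shell
#!/bin/sh
# Added example: compare an installed GIMP version with the fixed release.
FIXED_VERSION="3.0.8"   # release named in the article as containing the fixes

# Extract the first dotted version number from a version line
# (the output format of `gimp --version` is an assumption).
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 >= version $2. Each dot-separated field is
# compared as a number; missing fields count as 0 (3.1 equals 3.1.0).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$a" = "$fa" ] && a="" || a=${a#*.}
        [ "$b" = "$fb" ] && b="" || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# Print a verdict for one version line.
# Exit status: 0 patched, 1 update needed, 2 version not recognised.
check_gimp() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown: no version found in '$1'"; return 2
    fi
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "ok: GIMP $v is at or above $FIXED_VERSION"
    else
        echo "update needed: GIMP $v is older than $FIXED_VERSION"; return 1
    fi
}

# Check the local installation when a gimp binary is on the PATH.
if command -v gimp >/dev/null 2>&1; then
    check_gimp "$(gimp --version 2>/dev/null)" || true
fi
```

The exit status of `check_gimp` lets an inventory or configuration-management job flag hosts that still need the update.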


GIMP last made headlines in an IT security context in October 2025, when the developers also closed security holes that could be used for malicious code attacks.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.