Hanno Böck discovered that GIMP allocated FLI images using only the information present in the file header, which allowed for a maliciously- crafted file to cause out-of-bounds writes. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-17785) Michael Randrianantenaina discovered that that opening a maliciously crafted FLI file could cause GIMP to index out-of-bounds. An attacker could possibly use this issue to cause a denial or service or execute arbitrary code. (CVE-2025-2761) It was discovered that opening a maliciously-crafted DCM file could cause GIMP to index out-of-bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-10922) It was discovered that GIMP's JP2 parser did not account for precision when allocating an image buffer. An attacker could possibly use this to cause a denial of service or execute arbitrary code when a maliciously crafted file is opened. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2025-14425) It was discovered that GIMP's PSP parser erroneously queried the color channels of a greyscale image, which resulted in an invalid memory pointer. An attacker could possibly use this to cause a denial of service or execute arbitrary code when a maliciously-crafted file is opened. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15059)