Michael Randrianantenaina discovered that calculating the linear size of a DDS file could overflow on 32-bit systems. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2025-2760) Michael Randrianantenaina discovered that GIMP did not perform any bounds checking when calculating an offset into XWD Colormaps. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-10934) It was discovered that GIMP's PNM loader did not sufficiently check that the image could fit within the allocated memory, which could cause GIMP to read or write out-of-bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-14422) It was discovered that maliciously-crafted TGA files could cause memory corruption and leave GIMP in an inconsistent state. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-48797) It was discovered that a maliciously-crafted XCF file could cause GIMP to free the same memory region twice, or access an already freed address. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-48798)