Security flaw found in GIMP! Avoid opening this file type until it’s fixed

The current edition of GIMP (version 3.0.2) has a security vulnerability that could be exploited to inject malicious code. The developers released GIMP 3.0 back in March, then followed it up a week later with version 3.0.2. A more recent update is not yet available.
Security researchers from the Trend Micro Zero Day Initiative (ZDI) have discovered a security vulnerability in GIMP 3.0.2, which they’ve labeled ZDI-CAN-26752. (A CVE ID is not yet known.) It involves a potential buffer overflow due to insufficient validation.
More specifically, the vulnerability occurs when an ICO file is much larger than its stated image size. The creator of an ICO file can specify any dimensions for the image, but the actual dimensions may be larger, which results in a calculated buffer size that’s too small. When the buffer overflows, malicious code cleverly placed in memory can be executed.
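The mismatch the article describes is between what an ICO file's directory says about an image and what the embedded image data actually is. The following is an added example, not GIMP's own code and not the fixed parser: a stand-alone validator that parses the ICO directory, reads the real dimensions from the embedded DIB (or PNG) header, and reports every entry where the two disagree or where a buffer sized from the directory entry would be smaller than the pixel data in the file. All sample ICO bytes are constructed in `build_sample_ico`; the layout assumptions (16-byte directory entries, 40-byte BITMAPINFOHEADER, `biHeight` doubled for the AND mask) are the public ICO format, not anything specific to GIMP.

```python
"""Check an ICO file's directory entries against the image data they point at.

Added example for this article; it is a stand-alone validator, not GIMP code.
The sample files it runs on are constructed in build_sample_ico() below.
"""
import struct
from dataclasses import dataclass

ICONDIR_FMT = "<HHH"            # idReserved, idType, idCount
ICONDIRENTRY_FMT = "<BBBBHHII"  # width, height, colours, reserved, planes, bpp, bytes_in_res, offset
DIB_HEADER_FMT = "<IiiHHII"     # biSize, biWidth, biHeight, biPlanes, biBitCount, biCompression, biSizeImage
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


@dataclass
class IcoEntry:
    width: int
    height: int
    bit_count: int
    bytes_in_res: int
    image_offset: int


def dib_row_bytes(width: int, bpp: int) -> int:
    """DIB rows are padded to 4-byte boundaries."""
    return ((width * bpp + 31) // 32) * 4


def parse_directory(data: bytes) -> list:
    """Parse ICONDIR and its ICONDIRENTRY array, bounds-checking every read."""
    if len(data) < 6:
        raise ValueError("truncated ICONDIR")
    reserved, ico_type, count = struct.unpack_from(ICONDIR_FMT, data, 0)
    if reserved != 0 or ico_type != 1:
        raise ValueError("not an ICO file")
    entries = []
    for i in range(count):
        off = 6 + 16 * i
        if off + 16 > len(data):
            raise ValueError("directory entry %d runs past end of file" % i)
        w, h, _colours, _rsv, _planes, bpp, size, img_off = struct.unpack_from(ICONDIRENTRY_FMT, data, off)
        # A stored width or height of 0 means 256 in the ICO format.
        entries.append(IcoEntry(w or 256, h or 256, bpp, size, img_off))
    return entries


def check_entry(data: bytes, e: IcoEntry) -> list:
    """Return the inconsistencies between one directory entry and the image it points at."""
    problems = []
    end = e.image_offset + e.bytes_in_res
    if e.image_offset < 6 or end > len(data):
        return ["resource extends past end of file"]
    blob = data[e.image_offset:end]
    if blob[:8] == PNG_SIGNATURE:
        if len(blob) < 24:
            return ["truncated PNG IHDR"]
        actual_w, actual_h = struct.unpack_from(">II", blob, 16)   # IHDR width, height
    else:
        if len(blob) < struct.calcsize(DIB_HEADER_FMT):
            return ["truncated DIB header"]
        bi_size, bi_w, bi_h, _planes, bi_bpp, _comp, _size_image = struct.unpack_from(DIB_HEADER_FMT, blob, 0)
        actual_w, actual_h = bi_w, abs(bi_h) // 2   # biHeight covers the XOR bitmap and the AND mask
        xor_bytes = dib_row_bytes(actual_w, bi_bpp) * actual_h
        and_bytes = dib_row_bytes(actual_w, 1) * actual_h
        if bi_size + xor_bytes + and_bytes > len(blob):
            problems.append("DIB header claims more pixel data than the resource contains")
        # What a parser would allocate if it trusted only the directory entry.
        planned = dib_row_bytes(e.width, e.bit_count) * e.height
        if xor_bytes > planned:
            problems.append("buffer sized from directory entry (%d bytes) is smaller than "
                            "the XOR bitmap in the file (%d bytes)" % (planned, xor_bytes))
    if (actual_w, actual_h) != (e.width, e.height):
        problems.append("directory says %dx%d but image data is %dx%d"
                        % (e.width, e.height, actual_w, actual_h))
    return problems


def validate_ico(data: bytes) -> list:
    """Run check_entry over every directory entry; an empty list means the file is self-consistent."""
    findings = []
    for i, e in enumerate(parse_directory(data)):
        findings.extend("entry %d: %s" % (i, p) for p in check_entry(data, e))
    return findings


def build_sample_ico(dir_w: int, dir_h: int, dib_w: int, dib_h: int, bpp: int = 32) -> bytes:
    """Constructed single-image ICO with an uncompressed DIB; directory and DIB dimensions are set separately."""
    xor = bytes(dib_row_bytes(dib_w, bpp) * dib_h)
    mask = bytes(dib_row_bytes(dib_w, 1) * dib_h)
    dib = struct.pack(DIB_HEADER_FMT, 40, dib_w, dib_h * 2, 1, bpp, 0, len(xor) + len(mask)) + bytes(16)
    image = dib + xor + mask
    header = struct.pack(ICONDIR_FMT, 0, 1, 1)
    entry = struct.pack(ICONDIRENTRY_FMT, dir_w % 256, dir_h % 256, 0, 0, 1, bpp, len(image), 6 + 16)
    return header + entry + image


if __name__ == "__main__":
    for name, sample in (("consistent", build_sample_ico(16, 16, 16, 16)),
                         ("directory understates size", build_sample_ico(16, 16, 64, 64))):
        print(name, validate_ico(sample) or "ok")
```

The second sample is the shape the article warns about: the directory entry claims a 16x16 image while the DIB behind it is 64x64, so any buffer sized from the directory alone is far too small for the pixel data that follows. A file that trips either check is worth rejecting before any pixel data is copied.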
The faulty code in the ICO parser has already been corrected in the publicly available source code of the image editing app. However, a new version of GIMP hasn’t been made available yet. The developers warn that malicious actors can analyze GIMP’s public source code to find and exploit vulnerabilities like this one, so you should be aware and stay vigilant while the corrected version of the app is worked on. Since the next planned edition (version 3.0.4) will include many more changes, the devs can’t just push a half-finished update out the door.
Until then, it’s best that you don’t open any ICO files using GIMP. This is true whether you’re on the newer 3.x version of GIMP or the older 2.x version. If you are still using GIMP 2.x, you should also note that ZDI researchers have discovered security vulnerabilities in it, including one vulnerability that works in a very similar way to the one mentioned above but has been fixed in GIMP 3.x.
GIMP stands for GNU Image Manipulation Program. The free-to-use open-source image editing software is available on Windows, macOS, and Linux, among others. GIMP 1.0 was released in 1998 and since then GIMP has developed into a capable image and photo editing app.