CVE-2023-44443

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PSP image files in GIMP. An integer overflow during PSP file parsing enables memory corruption that can lead to remote code execution. All GIMP users who open untrusted PSP files are affected.

💻 Affected Systems

Products:
  • GIMP (GNU Image Manipulation Program)
Versions: before 2.10.36
Operating Systems: Linux, Windows, macOS, All platforms running GIMP
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected GIMP versions are vulnerable when processing PSP files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the GIMP user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or malware installation on the user's system when opening a malicious PSP file.

🟢 If Mitigated

No impact if users only open trusted files or have patched versions.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but PSP files could be distributed via websites, email, or downloads.
🏢 Internal Only: MEDIUM - Similar risk internally if users open untrusted files from internal sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) but the vulnerability is in a widely used image processing library.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GIMP 2.10.36 and later

Vendor Advisory: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/

Restart Required: Yes

Instructions:

1. Download GIMP 2.10.36 or later from official sources.
2. Install the update following your OS package manager instructions.
3. Restart GIMP to ensure the patch is active.

🔧 Temporary Workarounds

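Disable PSP file support (Linux)

Remove or disable the PSP file format plug-in so that GIMP cannot parse malicious PSP files. The plug-in path shown here can differ between distributions and packaging formats.

mv /usr/lib/gimp/2.0/plug-ins/file-psp /usr/lib/gimp/2.0/plug-ins/file-psp.disabled

Restart GIMP afterwards.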

Use file type restrictions (all platforms)

Configure the system to block or warn when PSP files are opened.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized GIMP instances
  • Educate users to never open PSP files from untrusted sources and use alternative image viewers for PSP files

🔍 How to Verify

Check if Vulnerable:

Check the GIMP version: if it is below 2.10.36, the system is vulnerable.

Check Version:

gimp --version | head -1

Verify Fix Applied:

Verify that the GIMP version is 2.10.36 or higher, then attempt to open a known safe PSP file.
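The version check above can be scripted for fleet audits. The following is an added example, not part of the original advisory or of GIMP; the function names are hypothetical and it assumes the first line of `gimp --version` contains a dotted version number. Fields are compared numerically because a plain string comparison would misorder releases such as 2.10.4 and 2.10.36.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a GIMP install against the
# fixed release named on this page.
FIXED_VERSION="2.10.36"

# Pull the first dotted version number out of `gimp --version` style output.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Return 0 when version $1 is strictly lower than version $2.
# Fields are compared as integers; missing fields count as 0.
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; x=${x:-0}
        y=${b%%.*}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print "vulnerable", "patched" or "unknown" for a version banner.
gimp_status() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Check the locally installed GIMP, if there is one.
if command -v gimp >/dev/null 2>&1; then
    banner=$(gimp --version 2>/dev/null | head -n 1)
    echo "gimp: $(gimp_status "$banner") ($banner)"
else
    echo "gimp: not found on PATH"
fi
```

An "unknown" result means the banner could not be parsed and the host should be checked by hand.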

📡 Detection & Monitoring

Log Indicators:

  • GIMP crash logs with memory access violations
  • Unexpected process spawning from GIMP

Network Indicators:

  • Outbound connections from GIMP process to unknown IPs
  • Unexpected DNS queries from GIMP

SIEM Query:

process_name:"gimp" AND (event_type:crash OR parent_process:unexpected)
