03-20-2026, 09:12 AM
Thanks for your replies.
@rich2005:
So even if the GIMP team fix that, maybe it doesn't make it into the official system repositories of Linux Mint 22.
I guess it's hard to get a hold of people in charge of putting together the repos for Mint.
I think I've seen HDR images in the context of Apple.
@CmykStudent_:
You might be right that GIMP would still be running fine. The concern is rather that you can encrust a malicious process in the running GIMP process.
And of course, attackers would manipulate images exactly for this purpose.
I quote from the article, both in original language and translated to English:
@rich2005:
Quote:Unless you got Gimp from a PPA , the Gimp in the repo is 2.10.36 not Gimp 3.2Yes, we don't use a ppa and that's where our concern stems from. We are still on 2.10.36 and would like to go to 3.2 with the system repositories, that is without any ppa if possible.
So even if the GIMP team fix that, maybe it doesn't make it into the official system repositories of Linux Mint 22.
I guess it's hard to get a hold of people in charge of putting together the repos for Mint.
I think I've seen HDR images in the context of Apple.
@CmykStudent_:
You might be right that GIMP would still be running fine. The concern is rather that you can encrust a malicious process in the running GIMP process.
And of course, attackers would manipulate images exactly for this purpose.
I quote from the article, both in original language and translated to English:
Quote:Auch hier können bösartige Akteure mit sorgsam präparierten Dateien Schadcode einschleusen, der im Kontext des laufenden Prozesses ausgeführt wird ||
Here, too, malicious actors can use carefully crafted files to inject malicious code that is executed within the context of the running process