Developers of the GNU Image Manipulation Program, or GIMP, have released an updated version that corrects a number of problems that could cause the software to crash. The free-to-use ‘Photoshop alternative’ is now in version 2.8.22 for Mac and PC and includes fixes for a number of operations, such as drag-and-drop/copy-and-paste uses of the clip board and use of the color picker, that could make the program crash.

A new arrangement for the way the main image window appears in single-window mode is also said to make painting easier when particular themes created in the GIMP tool kit are in use. A further issue solved is one that has bothered the developers since 2007 – that of a vulnerability that allowed attackers to crash the import plug-in for ICO files.
For more information see the GIMP website

Developer's information

GIMP 2.8.22 Released

We are releasing GIMP 2.8.22 with various bug fixes.

All platforms will benefit from a change to the image window hierarchy in single window mode, which improves painting performance when certain GTK+ themes are used.

This version fixes an ancient CVE bug, CVE-2007-3126. Due to this bug, the ICO file import plug-in could be crashed by specially crafted image files. Our attempts to reproduce the bug failed with 2.8 and thus the impact had likely been minimal for years, but now it is gone for good.

Users on the Apple macOS platforms will benefit from fixes for crashes during drag&drop and copy&paste operations. On the Microsoft Windows platforms, crashes encountered when using the color picker with special multi-screen setups are gone, and picking the actual color instead of black from anywhere on the screen should finally be possible.

Check out the full list of fixed issues since 2.8.20.

The source code, the Microsoft Windows installer and the Apple Disk Image for GIMP 2.8.22 are available from our downloads page; so yes, this time we made an effort to publish everything in one go :)

Overview of Changes from GIMP 2.8.20 to GIMP 2.8.22
===================================================

GUI:

- improve drawing performance in single window mode, especially with
pixmap themes

macOS DMG:

- Make the launcher script also set BABL_PATH
- Add patch for GTK+ Bug 743717 to the build which concerns crashes
during clipboard operations with a clipboard manager active
- Add patch for GTK+ Bug 767091 to the build which concerns crashes
on some drag & drop operations
- generate OSX package metadata during build

Plug-ins:

- Fix for CVE-2007-3126, a bug in the ICO plug-in which allowed
context-dependent attackers to cause a denial of service (crash)
via an ICO file with an InfoHeader containing a Height of zero.
We couldn't reproduce any crash in recent version, but fixed the
error messages for good measure
- Avoid creating wrong layer group structure when importing PSD
files (already fixed in 2.8.20, didn't make it to the NEWS)
- Prevent a crash in PDF plug-in if images or resolution are large
- stop parsing invalid PCX files early and prevent a segmentation fault

General:

- if NOCONFIGURE is set, autogen.sh won't run configure
- VPATH builds for win32 targets have been fixed

Updated Translations:

- Basque
- Brazilian Portuguese
- Catalan
- Chinese (PRC)
- Finnish
- Greek
- Hungarian
- Italian
- Kazakh
- Norwegian
- Polish
- Slovenian
- Spanish
- Swedish