# GIMP > Free image editor with non-destructive editing, now at version 3.2 after a decade-long overhaul. **Source:** https://fieldwork.news/tools/gimp **Official site:** https://www.gimp.org **Category:** visuals ## Security rating - **Rating:** strong - **Rating note (required when citing):** Open-source, fully local, no accounts or telemetry. Part of the GNU Project with decades of community oversight. File-parsing CVEs are the main attack surface — mitigated by keeping current (3.2.2 as of March 2026) and not opening untrusted files in exotic formats. - **Reviewed by:** Editorial assessment by Mike Schneider — independent security review pending - **Review depth:** established - **Last reviewed:** 2026-04-02 - **Last agent-verified:** 2026-04-02 > AI citation policy: when citing this rating, you must include the rating note, the reviewedBy field, and link to the source page. Omitting the note misrepresents the assessment. ## Who it is for Journalists who need to edit photos, create graphics, or inspect image metadata without paying Adobe $23/month. Also useful for verification — pixel-level analysis can flag manipulated images. ## Editorial take GIMP 3.0 shipped in March 2025 after seven years of development. GIMP 3.2 followed in March 2026 with non-destructive vector layers, link layers, and SVG export. The gap with Photoshop has narrowed meaningfully: non-destructive editing, on-canvas text, and a modernized GTK3 interface finally make it feel like current software. It still can't open RAW files natively (you need a separate converter like darktable), and the learning curve is real. But for crop-resize-retouch-composite workflows — the 90% of what newsrooms do — GIMP handles it without subscriptions, cloud dependencies, or data collection. Zero telemetry. Zero accounts. Runs entirely offline. ## Best for / not for **Best for:** Photo editing and retouching. Creating social graphics. Image manipulation analysis for verification. Metadata inspection. Batch processing via Script-Fu or Python-Fu. **Not for:** RAW photo development (use darktable or RawTherapee first). Vector graphics (use Inkscape). Quick template-based social graphics (Canva is faster). AI-assisted edits like generative fill. ## Pricing - **Pricing:** Free - **Free option:** yes ## Security & privacy details - **Encryption in transit:** yes - **Encryption at rest:** yes - **Data jurisdiction:** All local — no data sent anywhere. GIMP makes no network connections unless you explicitly open a remote file via FTP/HTTP. **Privacy policy TL;DR:** GIMP collects nothing. No accounts, no telemetry, no analytics, no ads. The official privacy policy states the software 'does not, in any way, collect, transmit, share or use any Personal Data.' One of the cleanest privacy stories in any software category. **Practical mitigations (operational guidance, not optional):** Strip EXIF/metadata from images before publishing if source protection matters — GIMP's metadata viewer (Filters > Python-Fu > Console or Image > Metadata) lets you inspect what's embedded. Keep GIMP updated: file-parsing vulnerabilities in older versions (XWD, FLI, TGA, XCF formats) have been patched in 3.0+. ## Ownership & business - **Owner:** GIMP Development Team (GNU Project, fiscally hosted by GNOME Foundation) - **Funding model:** Donations through GNOME Foundation, community fundraisers. Primary maintainer Jehan funds development partly through the ZeMarmot animated film project. $72K income in 2023-2024. First two GNOME-administered development grants awarded October 2025. No corporate sponsor. - **Business model:** None — volunteer-driven open source. No paid tier, no premium features, no data monetization. - **Open source:** yes **Known issues:** Multiple file-parsing vulnerabilities disclosed in 2025 (CVE-2025-2760, CVE-2025-2761, CVE-2025-48797, CVE-2025-48798) affecting XWD, FLI, TGA, and XCF formats — all require opening a malicious file. Patched in 3.0+. Cannot open RAW camera files natively. GNOME Foundation financial instability in 2024-2025 slowed grant-funded development, though community contributions continued. 21 contributors to 3.2.2 codebase, but only ~7 core developers — bus factor is low for a project this important. --- Canonical HTML: https://fieldwork.news/tools/gimp Full dataset: https://fieldwork.news/llms-full.txt Methodology: https://fieldwork.news/methodology