INFSA-2025:9162: gimp security update
Information about definition
Identificator: INFSA-2025:9162
Type: security
Release date: 2025-07-07 09:39:50 UTC
Information about package
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.
Vulnerabilities description
- CVE-2025-48797
A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
- CVE-2025-48798
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
- CVE-2025-5473
An integer overflow vulnerability was found in Gimp's handling of ICO files. This vulnerability can lead to code execution if a user is convinced to open a maliciously crafted file.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-48797
|
no information | 7.3 | no information |
|
NIST — CVE-2025-48798
|
no information | 7.3 | no information |
|
NIST — CVE-2025-5473
|
no information | 7.8 | no information |
Updated packages