Description

A flaw was found in GIMP when processing certain TGA image files. If a user opens a TGA file that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors: the parser writes past the end of a heap buffer (a heap-based buffer overflow), which can crash the application.

PUBLISHED | Reserved 2025-05-26 | Published 2025-05-27 | Updated 2025-11-06 | Assigner redhat

HIGH: 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

Heap-based Buffer Overflow

Product status

Default status: unaffected
  Any version before 3.0.0: affected

Default status: affected
  2:2.8.22-1.el7_9.2 (rpm) before *: unaffected

Default status: affected
  8100020250614205641.4c9c024f (rpm) before *: unaffected

Default status: affected
  8020020250618101631.c3a0935b (rpm) before *: unaffected

Default status: affected
  8040020250618100956.70584597 (rpm) before *: unaffected

Default status: affected
  8060020250618100419.6af1eaf0 (rpm) before *: unaffected

Default status: affected
  8060020250618100419.6af1eaf0 (rpm) before *: unaffected

Default status: affected
  8060020250618100419.6af1eaf0 (rpm) before *: unaffected

Default status: affected
  8080020250623120629.0621e4ee (rpm) before *: unaffected

Default status: affected
  8080020250623120629.0621e4ee (rpm) before *: unaffected

Default status: affected
  2:2.99.8-4.el9_6.2 (rpm) before *: unaffected

Default status: affected
  2:2.99.8-3.el9_0.1 (rpm) before *: unaffected

Default status: affected
  2:2.99.8-4.el9_2.1 (rpm) before *: unaffected

Default status: affected
  2:2.99.8-4.el9_4.1 (rpm) before *: unaffected

Default status: unknown

Timeline

2025-05-26: Reported to Red Hat.
2025-05-26: Made public.

References

lists.debian.org/debian-lts-announce/2025/10/msg00022.html

access.redhat.com/errata/RHSA-2025:9162 (RHSA-2025:9162) vendor-advisory

access.redhat.com/errata/RHSA-2025:9165 (RHSA-2025:9165) vendor-advisory

access.redhat.com/errata/RHSA-2025:9308 (RHSA-2025:9308) vendor-advisory

access.redhat.com/errata/RHSA-2025:9309 (RHSA-2025:9309) vendor-advisory

access.redhat.com/errata/RHSA-2025:9310 (RHSA-2025:9310) vendor-advisory

access.redhat.com/errata/RHSA-2025:9314 (RHSA-2025:9314) vendor-advisory

access.redhat.com/errata/RHSA-2025:9315 (RHSA-2025:9315) vendor-advisory

access.redhat.com/errata/RHSA-2025:9316 (RHSA-2025:9316) vendor-advisory

access.redhat.com/errata/RHSA-2025:9501 (RHSA-2025:9501) vendor-advisory

access.redhat.com/errata/RHSA-2025:9569 (RHSA-2025:9569) vendor-advisory

access.redhat.com/security/cve/CVE-2025-48797 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2368558 (RHBZ#2368558) issue-tracking

gitlab.gnome.org/GNOME/gimp/-/issues/11822

cve.org (CVE-2025-48797)

nvd.nist.gov (CVE-2025-48797)
