Description
A flaw was found in GIMP when processing XCF image files. If a user opens an XCF file that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and use-after-free issues.
Problem types
Product status
Any version before 3.0.0
2:2.8.22-1.el7_9.2 (rpm) before *
8100020250614205641.4c9c024f (rpm) before *
8020020250618101631.c3a0935b (rpm) before *
8040020250618100956.70584597 (rpm) before *
8060020250618100419.6af1eaf0 (rpm) before *
8060020250618100419.6af1eaf0 (rpm) before *
8060020250618100419.6af1eaf0 (rpm) before *
8080020250623120629.0621e4ee (rpm) before *
8080020250623120629.0621e4ee (rpm) before *
2:2.99.8-4.el9_6.2 (rpm) before *
2:2.99.8-3.el9_0.1 (rpm) before *
2:2.99.8-4.el9_2.1 (rpm) before *
2:2.99.8-4.el9_4.1 (rpm) before *
Timeline
| 2025-05-26: | Reported to Red Hat. |
| 2025-05-26: | Made public. |
References
lists.debian.org/debian-lts-announce/2025/10/msg00022.html
access.redhat.com/errata/RHSA-2025:9162 (RHSA-2025:9162)
access.redhat.com/errata/RHSA-2025:9165 (RHSA-2025:9165)
access.redhat.com/errata/RHSA-2025:9308 (RHSA-2025:9308)
access.redhat.com/errata/RHSA-2025:9309 (RHSA-2025:9309)
access.redhat.com/errata/RHSA-2025:9310 (RHSA-2025:9310)
access.redhat.com/errata/RHSA-2025:9314 (RHSA-2025:9314)
access.redhat.com/errata/RHSA-2025:9315 (RHSA-2025:9315)
access.redhat.com/errata/RHSA-2025:9316 (RHSA-2025:9316)
access.redhat.com/errata/RHSA-2025:9501 (RHSA-2025:9501)
access.redhat.com/errata/RHSA-2025:9569 (RHSA-2025:9569)
access.redhat.com/security/cve/CVE-2025-48798
bugzilla.redhat.com/show_bug.cgi?id=2368557 (RHBZ#2368557)
gitlab.gnome.org/GNOME/gimp/-/issues/11822