CVE-2025-48797
Published 2025-05-27
Severity: high, 7.3 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gimp | < gimp 2.10.34-1+deb12u3 (bookworm) | gimp 2.10.34-1+deb12u3 (bookworm) |
| gimp | gimp | >= 0 < 2.10.22-4+deb11u3 | 2.10.22-4+deb11u3 |
| gimp | gimp | >= 0 < 2.10.34-1+deb12u3 | 2.10.34-1+deb12u3 |
| gimp | gimp | >= 0 < 3.0.0~RC1-4 | 3.0.0~RC1-4 |
| gimp | gimp | >= 0 < 3.0.0~RC1-4 | 3.0.0~RC1-4 |
| gimp | gimp | >= 0 < 2.8.16-1ubuntu1.1+esm2 | 2.8.16-1ubuntu1.1+esm2 |
| gimp | gimp | >= 0 < 2.8.22-1ubuntu0.1~esm2 | 2.8.22-1ubuntu0.1~esm2 |
| gimp | gimp | >= 0 < 2.10.18-1ubuntu0.1+esm2 | 2.10.18-1ubuntu0.1+esm2 |
| gimp | gimp | >= 0 < 2.10.30-1ubuntu0.1+esm2 | 2.10.30-1ubuntu0.1+esm2 |
| gimp | gimp | >= 0 < 2.10.36-3ubuntu0.24.04.1+esm2 | 2.10.36-3ubuntu0.24.04.1+esm2 |
CVSS provenance
nvd: v3.1, 7.3 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv: 7.8 HIGH