CVE-2025-48798
published 2025-05-27CVE-2025-48798: A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be…
high7.3CVSS 3.1
AVLACLPRLUIRSUCHIHAH
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gimp | < gimp 2.10.34-1+deb12u3 (bookworm) | gimp 2.10.34-1+deb12u3 (bookworm) |
| gimp | gimp | >= 0 < 2.10.22-4+deb11u3 | 2.10.22-4+deb11u3 |
| gimp | gimp | >= 0 < 2.10.34-1+deb12u3 | 2.10.34-1+deb12u3 |
| gimp | gimp | >= 0 < 3.0.0~RC1-4 | 3.0.0~RC1-4 |
| gimp | gimp | >= 0 < 3.0.0~RC1-4 | 3.0.0~RC1-4 |
| gimp | gimp | >= 0 < 2.8.16-1ubuntu1.1+esm2 | 2.8.16-1ubuntu1.1+esm2 |
| gimp | gimp | >= 0 < 2.8.22-1ubuntu0.1~esm2 | 2.8.22-1ubuntu0.1~esm2 |
| gimp | gimp | >= 0 < 2.10.18-1ubuntu0.1+esm2 | 2.10.18-1ubuntu0.1+esm2 |
| gimp | gimp | >= 0 < 2.10.30-1ubuntu0.1+esm2 | 2.10.30-1ubuntu0.1+esm2 |
| gimp | gimp | >= 0 < 2.10.36-3ubuntu0.24.04.1+esm2 | 2.10.36-3ubuntu0.24.04.1+esm2 |
CVSS provenance
nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH