Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-2760

Опубликовано: 23 апр. 2025
Источник: debian
EPSS Низкий

Описание

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gimpfixed3.0.4-3package

Примечания

  • https://www.zerodayinitiative.com/advisories/ZDI-25-203/

  • https://gitlab.gnome.org/GNOME/gimp/-/issues/12790

  • Original fix incomplete (for 32bit systems):

  • https://gitlab.gnome.org/GNOME/gimp/-/issues/12790#note_2468776

  • https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2323

EPSS

Процентиль: 34%
0.00135
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-2760

CVSS3: 7.8
ubuntu
8 месяцев назад

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

nvd логотип

CVE-2025-2760

CVSS3: 7.8
nvd
8 месяцев назад

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

suse-cvrf логотип

SUSE-SU-2025:03075-1

suse-cvrf
4 месяца назад

Security update for gimp

github логотип

GHSA-q89g-m3mc-fgwc

CVSS3: 7.8
github
8 месяцев назад

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

fstec логотип

BDU:2025-11271

CVSS3: 7.8
fstec
9 месяцев назад

Уязвимость компонента XWD File Parser графического редактора GIMP, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 34%
0.00135
Низкий