Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-48798

Опубликовано: 27 мая 2025
Источник: debian

Описание

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gimpfixed3.0.0~RC1-4package

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2368557

  • https://gitlab.gnome.org/GNOME/gimp/-/issues/11822

  • Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/7d949423ed2231dd463968d86b58e0a3e01e6266 (GIMP_3_0_0_RC1)

  • Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fe26086e16943860f3852120f546ce913a7a73ee (GIMP_3_0_0_RC1)

  • Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/e7523ed41271e48a909011b8598d496c1be642e2 (GIMP_3_0_0_RC2)

  • Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/ebf0b569a63f15b5dc7532f16936104af1e09f02 (gimp-2-10)

  • "xcf-load: avoid use-after-free for layers with multiple PROP_ACTIVE_LAYER" not needed in 2.10, which only supports one layer

Связанные уязвимости

ubuntu логотип

CVE-2025-48798

CVSS3: 7.3
ubuntu
10 месяцев назад

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

redhat логотип

CVE-2025-48798

CVSS3: 7.3
redhat
10 месяцев назад

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

nvd логотип

CVE-2025-48798

CVSS3: 7.3
nvd
10 месяцев назад

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

github логотип

GHSA-7p2h-v67m-x5qx

CVSS3: 7.3
github
10 месяцев назад

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

fstec логотип

BDU:2025-09833

CVSS3: 7.3
fstec
10 месяцев назад

Уязвимость графического редактора GIMP, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании