Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-48798

Опубликовано: 27 мая 2025
Источник: debian
EPSS Низкий

Описание

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gimpfixed3.0.0~RC1-4package

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=2368557

  • https://gitlab.gnome.org/GNOME/gimp/-/issues/11822

  • Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/7d949423ed2231dd463968d86b58e0a3e01e6266 (GIMP_3_0_0_RC1)

  • Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fe26086e16943860f3852120f546ce913a7a73ee (GIMP_3_0_0_RC1)

  • Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/e7523ed41271e48a909011b8598d496c1be642e2 (GIMP_3_0_0_RC2)

  • Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/ebf0b569a63f15b5dc7532f16936104af1e09f02 (gimp-2-10)

  • "xcf-load: avoid use-after-free for layers with multiple PROP_ACTIVE_LAYER" not needed in 2.10, which only supports one layer

EPSS

Процентиль: 2%
0.00014
Низкий

Связанные уязвимости

CVSS3: 7.3
ubuntu
23 дня назад

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

CVSS3: 7.3
redhat
24 дня назад

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

CVSS3: 7.3
nvd
23 дня назад

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

CVSS3: 7.3
github
23 дня назад

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

EPSS

Процентиль: 2%
0.00014
Низкий