Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-2760

Опубликовано: 23 апр. 2025
Источник: nvd
CVSS3: 7.8
CVSS3: 7.8
EPSS Низкий

Описание

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gimp:gimp:2.10.38:*:*:*:*:*:*:*

EPSS

Процентиль: 34%
0.00135
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-190

Связанные уязвимости

ubuntu логотип

CVE-2025-2760

CVSS3: 7.8
ubuntu
8 месяцев назад

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

debian логотип

CVE-2025-2760

CVSS3: 7.8
debian
8 месяцев назад

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerabi ...

suse-cvrf логотип

SUSE-SU-2025:03075-1

suse-cvrf
4 месяца назад

Security update for gimp

github логотип

GHSA-q89g-m3mc-fgwc

CVSS3: 7.8
github
8 месяцев назад

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

fstec логотип

BDU:2025-11271

CVSS3: 7.8
fstec
9 месяцев назад

Уязвимость компонента XWD File Parser графического редактора GIMP, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 34%
0.00135
Низкий

7.8 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-190