ELSA-2025-21968

Опубликовано: 25 нояб. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-21968: gimp security update (IMPORTANT)

[2:3.0.4-1.1]

fix CVE-2025-10920
fix CVE-2025-10921
fix CVE-2025-10922
fix CVE-2025-10923
fix CVE-2025-10924
fix CVE-2025-10925
fix CVE-2025-10934

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

gimp

3.0.4-1.el9_7.1

gimp-libs

3.0.4-1.el9_7.1

Oracle Linux x86_64

gimp

3.0.4-1.el9_7.1

gimp-libs

3.0.4-1.el9_7.1

Связанные CVE

Ссылки на источники

Связанные уязвимости

RLSA-2025:22417

rocky

2 месяца назад

Important: gimp:2.8 security update

RLSA-2025:21968

rocky

3 месяца назад

Important: gimp security update

ELSA-2025-22417

oracle-oval

2 месяца назад

ELSA-2025-22417: gimp:2.8 security update (IMPORTANT)

openSUSE-SU-2026:20055-1

suse-cvrf

23 дня назад

Security update for gimp

CVE-2025-10920

CVSS3: 7.8

ubuntu

3 месяца назад

GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27684.