Description
GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823.
A heap-based buffer overflow in GIMP’s X Window Dump (XWD) file parser allows an attacker to craft a malicious XWD file (or a web page that triggers opening one) that can overflow a heap buffer during parsing and lead to remote code execution in the context of the GIMP process. The flaw is tracked as CVE-2025-10934 and was disclosed by Trend Micro’s Zero Day Initiative on 29 Oct 2025; GIMP has published a fix.
Report
Heap-based buffer overflows that occur during image-file parsing are high-risk because image libraries and editors routinely parse attacker-controlled files from email, the web, or shared drives; a successful overflow can corrupt heap metadata or function pointers and result in arbitrary code execution with the privileges of the GIMP process. Unlike a local information leak or read-only bug, this vulnerability enables control-flow hijacking (overwrite of heap-managed data or code pointers) when a user opens or previews a crafted XWD file — so an attacker only needs to get the victim to open a file or visit a page that causes the file to be loaded. The exploitability is increased when parsers perform large allocations based on unchecked length fields (the advisory describes missing validation of user-supplied lengths prior to copying into a heap buffer), which is a classic recipe for exploitable heap corruption. Because GIMP runs with the user’s privileges and is commonly installed on desktops, this makes the bug Important rather than merely Moderate.
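The report above describes the root-cause pattern (a header-supplied length that drives a heap allocation and copy without validation). The following is an added example, not GIMP's XWD plug-in code and not from ZDI or Red Hat: it parses a hypothetical, simplified 8-byte header (big-endian width and height, one byte per pixel; the real XWD header is laid out differently) and shows the checks a defender expects before any copy into a heap buffer: a cap that also rules out integer wrap in the size computation, and a comparison of the declared size against the bytes actually present. The three sample inputs are constructed for the example.

```c
/* Added example (not GIMP's or ZDI's code): length-validated parsing of a
 * HYPOTHETICAL 8-byte header followed by width*height one-byte pixels.
 * The real XWD header layout differs; only the validation pattern matters. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 8u
/* Upper bound on the pixel buffer we are willing to allocate (a policy choice). */
#define MAX_PIXEL_BYTES (64u * 1024u * 1024u)

enum parse_status {
    PARSE_OK = 0,
    PARSE_ERR_SHORT_HEADER, /* fewer bytes than the fixed header */
    PARSE_ERR_BAD_DIMS,     /* zero width or height */
    PARSE_ERR_TOO_LARGE,    /* width*height would wrap or exceed the cap */
    PARSE_ERR_TRUNCATED,    /* declared size exceeds the bytes actually present */
    PARSE_ERR_OOM           /* allocation failed */
};

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The unsafe pattern the advisory describes, shown only as a comment:
 *   size_t n = width * height;      -- may wrap in 32-bit arithmetic
 *   uint8_t *px = malloc(n);
 *   memcpy(px, buf + HDR_SIZE, n);  -- copies past the input and/or the heap block
 * Below, every header-derived length is checked before the copy. */
enum parse_status parse_image(const uint8_t *buf, size_t buf_len,
                              uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (buf_len < HDR_SIZE)
        return PARSE_ERR_SHORT_HEADER;

    uint32_t width  = rd_be32(buf);
    uint32_t height = rd_be32(buf + 4);
    if (width == 0 || height == 0)
        return PARSE_ERR_BAD_DIMS;
    /* Division form: rejects oversize requests without computing a wrapping product. */
    if (width > MAX_PIXEL_BYTES / height)
        return PARSE_ERR_TOO_LARGE;

    size_t need = (size_t)width * height;
    /* Declared payload must fit inside the bytes that were actually supplied. */
    if (need > buf_len - HDR_SIZE)
        return PARSE_ERR_TRUNCATED;

    uint8_t *px = malloc(need);
    if (px == NULL)
        return PARSE_ERR_OOM;
    memcpy(px, buf + HDR_SIZE, need);
    *out = px;
    *out_len = need;
    return PARSE_OK;
}

/* Constructed sample inputs (not real XWD data). */
static const uint8_t SAMPLE_BENIGN[] = {
    0, 0, 0, 2,  0, 0, 0, 2,          /* 2 x 2 */
    0xAA, 0xBB, 0xCC, 0xDD };         /* exactly 4 pixel bytes */
static const uint8_t SAMPLE_TRUNCATED[] = {
    0, 0, 0x10, 0,  0, 0, 0, 16,      /* 4096 x 16 = 65536 bytes declared */
    0xAA, 0xBB, 0xCC, 0xDD };         /* ...but only 4 bytes present */
static const uint8_t SAMPLE_OVERSIZED[] = {
    0, 1, 0, 0,  0, 1, 0, 0,          /* 65536 x 65536: wraps 32-bit, exceeds cap */
    0xAA, 0xBB, 0xCC, 0xDD };

/* Parse one sample, release the result, return the status (and payload length). */
static int run_sample(const uint8_t *buf, size_t len, size_t *out_len)
{
    uint8_t *px;
    size_t n;
    enum parse_status st = parse_image(buf, len, &px, &n);
    free(px);                 /* free(NULL) is a no-op on the error paths */
    if (out_len)
        *out_len = n;
    return (int)st;
}

int demo_benign(void)     { return run_sample(SAMPLE_BENIGN, sizeof SAMPLE_BENIGN, NULL); }
int demo_benign_len(void) { size_t n; run_sample(SAMPLE_BENIGN, sizeof SAMPLE_BENIGN, &n); return (int)n; }
int demo_truncated(void)  { return run_sample(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, NULL); }
int demo_oversized(void)  { return run_sample(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, NULL); }

int main(void)
{
    printf("benign:    status %d, %d payload bytes\n", demo_benign(), demo_benign_len());
    printf("truncated: status %d\n", demo_truncated());
    printf("oversized: status %d\n", demo_oversized());
    return 0;
}
```

The two rejections correspond to the two failure modes a fuzzer or a crafted file exercises: a size field that is internally plausible but larger than the data that follows (truncated), and dimensions whose product would wrap or exceed any sane allocation (oversized). Checking the cap with a division rather than a multiplication is what keeps the second case from silently turning into a small allocation followed by a large copy.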
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | gimp | Out of support scope | | |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gimp | Fixed | RHSA-2025:22866 | 09.12.2025 |
| Red Hat Enterprise Linux 8 | gimp | Fixed | RHSA-2025:22417 | 01.12.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | gimp | Fixed | RHSA-2026:0250 | 07.01.2026 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | gimp | Fixed | RHSA-2025:23857 | 22.12.2025 |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | gimp | Fixed | RHSA-2025:23857 | 22.12.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | gimp | Fixed | RHSA-2026:0356 | 08.01.2026 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | gimp | Fixed | RHSA-2026:0356 | 08.01.2026 |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | gimp | Fixed | RHSA-2026:0356 | 08.01.2026 |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | gimp | Fixed | RHSA-2026:0027 | 05.01.2026 |
Additional information
Status:
EPSS
CVSS3: 7.8 High
Related vulnerabilities
GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823.