Описание
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
Отчет
This vulnerability in GIMP's XCF parser marked as Important rather than Moderate due to the nature and impact of the underlying memory management flaws—specifically, use-after-free and double-free conditions. These are not just stability issues; they are well-known, high-severity primitives that attackers often exploit to achieve arbitrary code execution. Given that GIMP is a widely used graphics application and image files are routinely exchanged, the attack vector is easily accessible and plausible through social engineering (e.g., email attachments or file downloads). Furthermore, such vulnerabilities occur during file parsing—a stage often executed automatically upon file open—minimizing user interaction and maximizing the risk.
Меры по смягчению последствий
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | gimp | Out of support scope | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | gimp | Fixed | RHSA-2025:9501 | 24.06.2025 |
| Red Hat Enterprise Linux 8 | gimp | Fixed | RHSA-2025:9165 | 17.06.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | gimp | Fixed | RHSA-2025:9310 | 23.06.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | gimp | Fixed | RHSA-2025:9308 | 23.06.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | gimp | Fixed | RHSA-2025:9309 | 23.06.2025 |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | gimp | Fixed | RHSA-2025:9309 | 23.06.2025 |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | gimp | Fixed | RHSA-2025:9309 | 23.06.2025 |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | gimp | Fixed | RHSA-2025:9569 | 24.06.2025 |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | gimp | Fixed | RHSA-2025:9569 | 24.06.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
Связанные уязвимости
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
A flaw was found in GIMP when processing XCF image files. If a user op ...
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.
EPSS
7.3 High
CVSS3