Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:22417

Опубликовано: 02 дек. 2025
Источник: rocky
Оценка: Important

Описание

Important: gimp:2.8 security update

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

  • gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10922)

  • gimp: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2025-10920)

  • gimp: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability (CVE-2025-10923)

  • gimp: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10921)

  • gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10925)

  • gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability (CVE-2025-10924)

  • gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10934)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
gimpx86_6426.module+el8.10.0+40033+6fd27379.3gimp-2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm
gimp-develx86_6426.module+el8.10.0+40033+6fd27379.3gimp-devel-2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm
gimp-devel-toolsx86_6426.module+el8.10.0+40033+6fd27379.3gimp-devel-tools-2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm
gimp-libsx86_6426.module+el8.10.0+40033+6fd27379.3gimp-libs-2.8.22-26.module+el8.10.0+40033+6fd27379.3.x86_64.rpm
pygobject2x86_645.module+el8.10.0+1927+52edb5a0pygobject2-2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm
pygobject2-codegenx86_645.module+el8.10.0+1927+52edb5a0pygobject2-codegen-2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm
pygobject2-develx86_645.module+el8.10.0+1927+52edb5a0pygobject2-devel-2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm
pygobject2-docx86_645.module+el8.10.0+1927+52edb5a0pygobject2-doc-2.28.7-5.module+el8.10.0+1927+52edb5a0.x86_64.rpm
pygtk2x86_6425.module+el8.9.0+1723+9bc93544pygtk2-2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm
pygtk2-codegenx86_6425.module+el8.9.0+1723+9bc93544pygtk2-codegen-2.24.0-25.module+el8.9.0+1723+9bc93544.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-10920
CVE-2025-10921
CVE-2025-10922
CVE-2025-10923
CVE-2025-10924
CVE-2025-10925
CVE-2025-10934

Ссылки на источники

Исправления

Связанные уязвимости

rocky логотип

RLSA-2025:21968

rocky
около 2 месяцев назад

Important: gimp security update

oracle-oval логотип

ELSA-2025-22417

oracle-oval
около 2 месяцев назад

ELSA-2025-22417: gimp:2.8 security update (IMPORTANT)

oracle-oval логотип

ELSA-2025-21968

oracle-oval
около 2 месяцев назад

ELSA-2025-21968: gimp security update (IMPORTANT)

ubuntu логотип

CVE-2025-10920

CVSS3: 7.8
ubuntu
3 месяца назад

GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27684.

nvd логотип

CVE-2025-10920

CVSS3: 7.8
nvd
3 месяца назад

GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27684.