CVE-2025-48797

HIGH

GIMP - Heap Buffer Overflow

Title source: llm

Description

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.

References (14)

Core 14

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9162

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9165

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9308

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9309

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9310

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9314

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9315

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9316

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9501

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9569

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-48797

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2368558

Mailing List

https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html

Issue Tracking

https://gitlab.gnome.org/GNOME/gimp/-/issues/11822

Scores

CVSS v3 7.3

EPSS 0.0008

EPSS Percentile 24.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-122

Status published

Products (14)

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 2:2.8.22-1.el7_9.2

Red Hat/Red Hat Enterprise Linux 8 8100020250614205641.4c9c024f

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 8020020250618101631.c3a0935b

Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 8040020250618100956.70584597

Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 8060020250618100419.6af1eaf0

Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service 8060020250618100419.6af1eaf0

Red Hat/Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions 8060020250618100419.6af1eaf0

Red Hat/Red Hat Enterprise Linux 8.8 Telecommunications Update Service 8080020250623120629.0621e4ee

Red Hat/Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions 8080020250623120629.0621e4ee

... and 4 more

Published May 27, 2025

Tracked Since Feb 18, 2026