CVE-2025-48798

HIGH

GIMP - Use After Free

Title source: llm

Description

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

References (14)

Core 14

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9162

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9165

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9308

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9309

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9310

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9314

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9315

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9316

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9501

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:9569

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-48798

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2368557

Mailing List

https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html

Issue Tracking

https://gitlab.gnome.org/GNOME/gimp/-/issues/11822

Scores

CVSS v3 7.3

EPSS 0.0008

EPSS Percentile 24.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (14)

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7 Extended Lifecycle Support 2:2.8.22-1.el7_9.2

Red Hat/Red Hat Enterprise Linux 8 8100020250614205641.4c9c024f

Red Hat/Red Hat Enterprise Linux 8.2 Advanced Update Support 8020020250618101631.c3a0935b

Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 8040020250618100956.70584597

Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 8060020250618100419.6af1eaf0

Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service 8060020250618100419.6af1eaf0

Red Hat/Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions 8060020250618100419.6af1eaf0

Red Hat/Red Hat Enterprise Linux 8.8 Telecommunications Update Service 8080020250623120629.0621e4ee

Red Hat/Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions 8080020250623120629.0621e4ee

... and 4 more

Published May 27, 2025

Tracked Since Feb 18, 2026