7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Gimp: multiple heap buffer overflows in tga parser
A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
References
- https://access.redhat.com/security/cve/CVE-2025-48797 x_refsource_REDHAT vdb-entry
- RHBZ#2368558 issue-tracking x_refsource_REDHAT
- RHSA-2025:9162 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9165 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9308 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9309 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9310 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9314 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9315 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9316 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9501 x_refsource_REDHAT vendor-advisory
- RHSA-2025:9569 x_refsource_REDHAT vendor-advisory
- https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
- https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html
Affected products
- <3.0.0
- *
- *
Matching in nixpkgs
pkgs.zigimports
Automatically remove unused imports and globals from Zig files
-
nixos-unstable -
- nixpkgs-unstable 0.1.0
pkgs.gimpPlugins.bimp
Batch Image Manipulation Plugin for GIMP
-
nixos-unstable -
- nixpkgs-unstable 2.6
pkgs.gimpPlugins.gimp
GNU Image Manipulation Program
-
nixos-unstable -
- nixpkgs-unstable 2.10.38
pkgs.gimpPlugins.gmic
GIMP plugin for the G'MIC image processing framework
-
nixos-unstable -
- nixpkgs-unstable 3.5.0
pkgs.gimp-with-plugins
GNU Image Manipulation Program
-
nixos-unstable -
- nixpkgs-unstable 2.10.38
pkgs.gimp3Plugins.gimp
GNU Image Manipulation Program
-
nixos-unstable -
- nixpkgs-unstable 3.0.4
pkgs.gimp3Plugins.gmic
GIMP plugin for the G'MIC image processing framework
-
nixos-unstable -
- nixpkgs-unstable 3.5.0
pkgs.gimp3-with-plugins
GNU Image Manipulation Program
-
nixos-unstable -
- nixpkgs-unstable 3.0.4
pkgs.gimpPlugins.fourier
GIMP plug-in to do the fourier transform
-
nixos-unstable -
- nixpkgs-unstable 0.4.3
pkgs.gimpPlugins.farbfeld
Gimp plug-in for the farbfeld image format
-
nixos-unstable -
- nixpkgs-unstable 2019-08-12
pkgs.gimpPlugins.lightning
None
pkgs.gimpPlugins.lqrPlugin
None
-
nixos-unstable -
- nixpkgs-unstable 0.7.2
pkgs.gimpPlugins.texturize
None
-
nixos-unstable -
- nixpkgs-unstable 2.2+unstable=2021-12-03
pkgs.gimp3Plugins.lightning
None
pkgs.gimpPlugins.gimplensfun
GIMP plugin to correct lens distortion using the lensfun library and database
-
nixos-unstable -
- nixpkgs-unstable 2018-10-21
pkgs.gimpPlugins.resynthesizer
None
-
nixos-unstable -
- nixpkgs-unstable 2.0.3
pkgs.gimpPlugins.waveletSharpen
None
-
nixos-unstable -
- nixpkgs-unstable 0.1.2
Package maintainers
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@sikmir Nikolay Korotkiy <sikmir@disroot.org>
-
@jmbaur Jared Baur <jaredbaur@fastmail.com>