7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Gimp: stack-based buffer overflows in file-ico
A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based buffer overflow. If a user opens .ANI files, GIMP may store more data than the destination buffer's capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.
References
- https://access.redhat.com/security/cve/CVE-2025-48796 x_refsource_REDHAT vdb-entry
- RHBZ#2368559 issue-tracking x_refsource_REDHAT
- https://gitlab.gnome.org/GNOME/gimp/-/issues/9257
Affected products
- <2.99.16
Matching in nixpkgs
pkgs.zigimports
Automatically remove unused imports and globals from Zig files
- nixos-unstable -
- nixpkgs-unstable 0.1.0
pkgs.gimpPlugins.bimp
Batch Image Manipulation Plugin for GIMP
- nixos-unstable -
- nixpkgs-unstable 2.6
pkgs.gimpPlugins.gimp
GNU Image Manipulation Program
- nixos-unstable -
- nixpkgs-unstable 2.10.38
pkgs.gimpPlugins.gmic
GIMP plugin for the G'MIC image processing framework
- nixos-unstable -
- nixpkgs-unstable 3.5.0
pkgs.gimp-with-plugins
GNU Image Manipulation Program
- nixos-unstable -
- nixpkgs-unstable 2.10.38
pkgs.gimp3Plugins.gimp
GNU Image Manipulation Program
- nixos-unstable -
- nixpkgs-unstable 3.0.4
pkgs.gimp3Plugins.gmic
GIMP plugin for the G'MIC image processing framework
- nixos-unstable -
- nixpkgs-unstable 3.5.0
pkgs.gimp3-with-plugins
GNU Image Manipulation Program
- nixos-unstable -
- nixpkgs-unstable 3.0.4
pkgs.gimpPlugins.fourier
GIMP plug-in to do the fourier transform
- nixos-unstable -
- nixpkgs-unstable 0.4.3
pkgs.gimpPlugins.farbfeld
Gimp plug-in for the farbfeld image format
- nixos-unstable -
- nixpkgs-unstable 2019-08-12
pkgs.gimpPlugins.lightning
None
pkgs.gimpPlugins.lqrPlugin
None
- nixos-unstable -
- nixpkgs-unstable 0.7.2
pkgs.gimpPlugins.texturize
None
- nixos-unstable -
- nixpkgs-unstable 2.2+unstable=2021-12-03
pkgs.gimp3Plugins.lightning
None
pkgs.gimpPlugins.gimplensfun
GIMP plugin to correct lens distortion using the lensfun library and database
- nixos-unstable -
- nixpkgs-unstable 2018-10-21
pkgs.gimpPlugins.resynthesizer
None
- nixos-unstable -
- nixpkgs-unstable 2.0.3
pkgs.gimpPlugins.waveletSharpen
None
- nixos-unstable -
- nixpkgs-unstable 0.1.2
Package maintainers
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @sikmir Nikolay Korotkiy <sikmir@disroot.org>
- @jmbaur Jared Baur <jaredbaur@fastmail.com>