6.6 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): HIGH
Gimp: gimp integer overflow
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.
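The size check whose absence the description identifies, as an added example (not GIMP's code or its actual patch): `naive_size` reproduces an unchecked 32-bit multiplication of the dimensions, and `checked_image_size` rejects dimensions whose product overflows or exceeds a caller-chosen cap. The function names, the cap and the sample dimensions are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked pattern (hypothetical helper, not GIMP source): the product is
 * computed in 32 bits and silently wraps, so the result can be far smaller
 * than the number of bytes the image really needs. */
uint32_t naive_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hardened pattern: verify each multiplication by division before doing it,
 * and enforce an upper bound (max_bytes, an assumed policy limit).
 * Returns 0 and stores the size in *out on success, -1 on rejection. */
int checked_image_size(size_t width, size_t height, size_t bpp,
                       size_t max_bytes, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > SIZE_MAX / height)          /* width * height would wrap */
        return -1;
    size_t pixels = width * height;
    if (pixels > SIZE_MAX / bpp)            /* pixels * bpp would wrap */
        return -1;
    size_t bytes = pixels * bpp;
    if (bytes > max_bytes)                  /* larger than policy allows */
        return -1;
    *out = bytes;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed sample dimensions: 65536 x 65536 at 4 bytes per pixel. */
    printf("naive: %u bytes\n", (unsigned)naive_size(65536u, 65536u, 4u));
    printf("checked: %d\n",
           checked_image_size(65536, 65536, 4, (size_t)1 << 30, &n));
    return 0;
}
```

A buffer allocated from the wrapped value is too small for the pixel loop that follows, which is the out-of-bounds write the description refers to; the checked form fails before any allocation happens.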
References
- https://access.redhat.com/security/cve/CVE-2025-6035 x_refsource_REDHAT vdb-entry
- RHBZ#2372515 issue-tracking x_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html
Affected products
- <3.0.4
Matching in nixpkgs
pkgs.zigimports
Automatically remove unused imports and globals from Zig files
- nixos-unstable -
- nixpkgs-unstable 0.1.0
pkgs.gimpPlugins.bimp
Batch Image Manipulation Plugin for GIMP
- nixos-unstable -
- nixpkgs-unstable 2.6
pkgs.gimpPlugins.gimp
GNU Image Manipulation Program
- nixos-unstable -
- nixpkgs-unstable 2.10.38
pkgs.gimpPlugins.gmic
GIMP plugin for the G'MIC image processing framework
- nixos-unstable -
- nixpkgs-unstable 3.5.0
pkgs.gimp-with-plugins
GNU Image Manipulation Program
- nixos-unstable -
- nixpkgs-unstable 2.10.38
pkgs.gimp3Plugins.gimp
GNU Image Manipulation Program
- nixos-unstable -
- nixpkgs-unstable 3.0.4
pkgs.gimp3Plugins.gmic
GIMP plugin for the G'MIC image processing framework
- nixos-unstable -
- nixpkgs-unstable 3.5.0
pkgs.gimp3-with-plugins
GNU Image Manipulation Program
- nixos-unstable -
- nixpkgs-unstable 3.0.4
pkgs.gimpPlugins.fourier
GIMP plug-in to do the fourier transform
- nixos-unstable -
- nixpkgs-unstable 0.4.3
pkgs.gimpPlugins.farbfeld
Gimp plug-in for the farbfeld image format
- nixos-unstable -
- nixpkgs-unstable 2019-08-12
pkgs.gimpPlugins.lightning
None
pkgs.gimpPlugins.lqrPlugin
None
- nixos-unstable -
- nixpkgs-unstable 0.7.2
pkgs.gimpPlugins.texturize
None
- nixos-unstable -
- nixpkgs-unstable 2.2+unstable=2021-12-03
pkgs.gimp3Plugins.lightning
None
pkgs.gimpPlugins.gimplensfun
GIMP plugin to correct lens distortion using the lensfun library and database
- nixos-unstable -
- nixpkgs-unstable 2018-10-21
pkgs.gimpPlugins.resynthesizer
None
- nixos-unstable -
- nixpkgs-unstable 2.0.3
pkgs.gimpPlugins.waveletSharpen
None
- nixos-unstable -
- nixpkgs-unstable 0.1.2
Package maintainers
- @jtojnar Jan Tojnar <jtojnar@gmail.com>
- @sikmir Nikolay Korotkiy <sikmir@disroot.org>
- @jmbaur Jared Baur <jaredbaur@fastmail.com>