fkie_nvd - fkie_cve-2025-48798

FKIE_CVE-2025-48798

Vulnerability from fkie_nvd - Published: 2025-05-27 14:15 - Updated: 2025-11-03 18:16

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

References

	URL	Tags
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9162
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9165
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9308
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9309
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9310
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9314
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9315
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9316
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9501
	secalert@redhat.com	https://access.redhat.com/errata/RHSA-2025:9569
	secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2025-48798
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2368557
	secalert@redhat.com	https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
	af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una falla en GIMP al procesar archivos de imagen XCF. Si un usuario abre uno de estos archivos de imagen, manipulado espec\u00edficamente por un atacante, GIMP puede ser enga\u00f1ado y provocar graves errores de memoria, lo que podr\u00eda provocar fallos y problemas de use-after-free."
    }
  ],
  "id": "CVE-2025-48798",
  "lastModified": "2025-11-03T18:16:54.910",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-27T14:15:24.307",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9162"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9165"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9308"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9309"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9310"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9314"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9315"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9501"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:9569"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48798"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368557"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

CVE-2025-48798 (GCVE-0-2025-48798)

Vulnerability from cvelistv5 – Published: 2025-05-27 14:05 – Updated: 2025-11-06 21:11

Summary

Severity ?

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:9162	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9165	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9308	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9309	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9310	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9314	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9315	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9316	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9501	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:9569	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-48798	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2368557	issue-trackingx_refsource_REDHAT
	https://gitlab.gnome.org/GNOME/gimp/-/issues/11822

Impacted products

Vendor

Product

Version

Affected: 0 , < 3.0.0 (semver)

Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 2:2.8.22-1.el7_9.2 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 8100020250614205641.4c9c024f , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 8020020250618101631.c3a0935b , < * (rpm) cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 8040020250618100956.70584597 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 8060020250618100419.6af1eaf0 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 8060020250618100419.6af1eaf0 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 8060020250618100419.6af1eaf0 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 8080020250623120629.0621e4ee , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 8080020250623120629.0621e4ee , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 2:2.99.8-4.el9_6.2 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 2:2.99.8-3.el9_0.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 2:2.99.8-4.el9_2.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 2:2.99.8-4.el9_4.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48798",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-27T14:21:28.420081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T15:59:10.071Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:44:54.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.gimp.org/",
          "defaultStatus": "unaffected",
          "packageName": "gimp",
          "versions": [
            {
              "lessThan": "3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:2.8.22-1.el7_9.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:2.8",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8100020250614205641.4c9c024f",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:2.8",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020250618101631.c3a0935b",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:2.8",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020250618100956.70584597",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:2.8",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020250618100419.6af1eaf0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:2.8",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020250618100419.6af1eaf0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:2.8",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020250618100419.6af1eaf0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:2.8",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020250623120629.0621e4ee",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp:2.8",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020250623120629.0621e4ee",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:2.99.8-4.el9_6.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:2.99.8-3.el9_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:2.99.8-4.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gimp",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2:2.99.8-4.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "gimp",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-05-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T21:11:34.112Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:9162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9162"
        },
        {
          "name": "RHSA-2025:9165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9165"
        },
        {
          "name": "RHSA-2025:9308",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9308"
        },
        {
          "name": "RHSA-2025:9309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9309"
        },
        {
          "name": "RHSA-2025:9310",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9310"
        },
        {
          "name": "RHSA-2025:9314",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9314"
        },
        {
          "name": "RHSA-2025:9315",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9315"
        },
        {
          "name": "RHSA-2025:9316",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9316"
        },
        {
          "name": "RHSA-2025:9501",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9501"
        },
        {
          "name": "RHSA-2025:9569",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:9569"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-48798"
        },
        {
          "name": "RHBZ#2368557",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368557"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-26T10:33:15.119000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-05-26T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Gimp: multiple use after free in xcf parser",
      "workarounds": [
        {
          "lang": "en",
          "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."
        }
      ],
      "x_redhatCweChain": "CWE-416: Use After Free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-48798",
    "datePublished": "2025-05-27T14:05:12.977Z",
    "dateReserved": "2025-05-26T10:51:51.496Z",
    "dateUpdated": "2025-11-06T21:11:34.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-48798

CVE-2025-48798 (GCVE-0-2025-48798)

Tags

Sightings

Nomenclature