RHSA-2025:22445
Vulnerability from csaf_redhat - Published: 2025-12-01 19:44 - Updated: 2025-12-02 06:44
Summary
Red Hat Security Advisory: gimp security update
Notes
Topic
An update for gimp is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.
Security Fix(es):
* gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10922)
* gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gimp is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.\n\nSecurity Fix(es):\n\n* gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10922)\n\n* gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-10934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22445",
"url": "https://access.redhat.com/errata/RHSA-2025:22445"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2407188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407188"
},
{
"category": "external",
"summary": "2407233",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407233"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22445.json"
}
],
"title": "Red Hat Security Advisory: gimp security update",
"tracking": {
"current_release_date": "2025-12-02T06:44:40+00:00",
"generator": {
"date": "2025-12-02T06:44:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:22445",
"initial_release_date": "2025-12-01T19:44:30+00:00",
"revision_history": [
{
"date": "2025-12-01T19:44:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-01T19:44:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-02T06:44:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gimp-2:2.99.8-4.el9_6.3.src",
"product": {
"name": "gimp-2:2.99.8-4.el9_6.3.src",
"product_id": "gimp-2:2.99.8-4.el9_6.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp@2.99.8-4.el9_6.3?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gimp-2:2.99.8-4.el9_6.3.aarch64",
"product": {
"name": "gimp-2:2.99.8-4.el9_6.3.aarch64",
"product_id": "gimp-2:2.99.8-4.el9_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp@2.99.8-4.el9_6.3?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"product": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"product_id": "gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs@2.99.8-4.el9_6.3?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"product": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"product_id": "gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debugsource@2.99.8-4.el9_6.3?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"product": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"product_id": "gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debuginfo@2.99.8-4.el9_6.3?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"product": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"product_id": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-devel-tools-debuginfo@2.99.8-4.el9_6.3?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"product": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"product_id": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs-debuginfo@2.99.8-4.el9_6.3?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gimp-2:2.99.8-4.el9_6.3.ppc64le",
"product": {
"name": "gimp-2:2.99.8-4.el9_6.3.ppc64le",
"product_id": "gimp-2:2.99.8-4.el9_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp@2.99.8-4.el9_6.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"product": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"product_id": "gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs@2.99.8-4.el9_6.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"product": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"product_id": "gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debugsource@2.99.8-4.el9_6.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"product": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"product_id": "gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debuginfo@2.99.8-4.el9_6.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"product": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"product_id": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-devel-tools-debuginfo@2.99.8-4.el9_6.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"product": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"product_id": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs-debuginfo@2.99.8-4.el9_6.3?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gimp-2:2.99.8-4.el9_6.3.x86_64",
"product": {
"name": "gimp-2:2.99.8-4.el9_6.3.x86_64",
"product_id": "gimp-2:2.99.8-4.el9_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp@2.99.8-4.el9_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"product": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"product_id": "gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs@2.99.8-4.el9_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"product": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"product_id": "gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debugsource@2.99.8-4.el9_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"product": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"product_id": "gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debuginfo@2.99.8-4.el9_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"product": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"product_id": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-devel-tools-debuginfo@2.99.8-4.el9_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"product": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"product_id": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs-debuginfo@2.99.8-4.el9_6.3?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gimp-libs-2:2.99.8-4.el9_6.3.i686",
"product": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.i686",
"product_id": "gimp-libs-2:2.99.8-4.el9_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs@2.99.8-4.el9_6.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"product": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"product_id": "gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debugsource@2.99.8-4.el9_6.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"product": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"product_id": "gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debuginfo@2.99.8-4.el9_6.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"product": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"product_id": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-devel-tools-debuginfo@2.99.8-4.el9_6.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"product": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"product_id": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs-debuginfo@2.99.8-4.el9_6.3?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "gimp-2:2.99.8-4.el9_6.3.s390x",
"product": {
"name": "gimp-2:2.99.8-4.el9_6.3.s390x",
"product_id": "gimp-2:2.99.8-4.el9_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp@2.99.8-4.el9_6.3?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"product": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"product_id": "gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs@2.99.8-4.el9_6.3?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"product": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"product_id": "gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debugsource@2.99.8-4.el9_6.3?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"product": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"product_id": "gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-debuginfo@2.99.8-4.el9_6.3?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"product": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"product_id": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-devel-tools-debuginfo@2.99.8-4.el9_6.3?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"product": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"product_id": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gimp-libs-debuginfo@2.99.8-4.el9_6.3?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-2:2.99.8-4.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.aarch64"
},
"product_reference": "gimp-2:2.99.8-4.el9_6.3.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-2:2.99.8-4.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.ppc64le"
},
"product_reference": "gimp-2:2.99.8-4.el9_6.3.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-2:2.99.8-4.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.s390x"
},
"product_reference": "gimp-2:2.99.8-4.el9_6.3.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-2:2.99.8-4.el9_6.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.src"
},
"product_reference": "gimp-2:2.99.8-4.el9_6.3.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-2:2.99.8-4.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.x86_64"
},
"product_reference": "gimp-2:2.99.8-4.el9_6.3.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64"
},
"product_reference": "gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.i686"
},
"product_reference": "gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le"
},
"product_reference": "gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x"
},
"product_reference": "gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
},
"product_reference": "gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64"
},
"product_reference": "gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.i686"
},
"product_reference": "gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le"
},
"product_reference": "gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.s390x"
},
"product_reference": "gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64"
},
"product_reference": "gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64"
},
"product_reference": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686"
},
"product_reference": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le"
},
"product_reference": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x"
},
"product_reference": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
},
"product_reference": "gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.aarch64"
},
"product_reference": "gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.i686"
},
"product_reference": "gimp-libs-2:2.99.8-4.el9_6.3.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.ppc64le"
},
"product_reference": "gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.s390x"
},
"product_reference": "gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-2:2.99.8-4.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.x86_64"
},
"product_reference": "gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64"
},
"product_reference": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686"
},
"product_reference": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le"
},
"product_reference": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x"
},
"product_reference": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
},
"product_reference": "gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-10922",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-10-29T20:01:15.221800+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407188"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow vulnerability was discovered in GIMP\u2019s DICOM (DCM) file parser. The flaw occurs because the application fails to properly validate the length of user-supplied data before copying it to a heap buffer. This can lead to arbitrary code execution when a user opens a specially crafted DCM image file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked as Important rather than Critical, this flaw remains technically significant because it enables remote code execution through malformed image content. The vulnerability affects the file parsing layer of GIMP, meaning the malicious payload executes as soon as a crafted DCM file is opened. However, it is rated as Important instead of Critical because successful exploitation requires user interaction (e.g., manually opening a malicious file) and the attack surface is limited to local execution contexts rather than a network-exposed service. The absence of privilege escalation and the requirement for a user to interact with the file reduce the overall severity, though exploitation could still result in full process compromise.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-10922"
},
{
"category": "external",
"summary": "RHBZ#2407188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407188"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-10922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-10922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10922"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4",
"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4"
},
{
"category": "external",
"summary": "https://www.zerodayinitiative.com/advisories/ZDI-25-911/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-911/"
}
],
"release_date": "2025-10-29T19:29:42.905000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T19:44:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22445"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
},
{
"cve": "CVE-2025-10934",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-10-29T21:01:15.021340+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407233"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow in GIMP\u2019s X Window Dump (XWD) file parser allows an attacker to craft a malicious XWD file (or a web page that triggers opening one) that can overflow a heap buffer during parsing and lead to remote code execution in the context of the GIMP process. The flaw is tracked as CVE-2025-10934 and was disclosed by Trend Micro\u2019s Zero Day Initiative on 29 Oct 2025; GIMP has published a fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Heap-based buffer overflows that occur during image-file parsing are high-risk because image libraries and editors routinely parse attacker-controlled files from email, the web, or shared drives; a successful overflow can corrupt heap metadata or function pointers and result in arbitrary code execution with the privileges of the GIMP process. Unlike a local information leak or read-only bug, this vulnerability enables control-flow hijacking (overwrite of heap-managed data or code pointers) when a user opens or previews a crafted XWD file \u2014 so an attacker only needs to get the victim to open a file or visit a page that causes the file to be loaded. The exploitability is increased when parsers perform large allocations based on unchecked length fields (the advisory describes missing validation of user-supplied lengths prior to copying into a heap buffer), which is a classic recipe for exploitable heap corruption. Because GIMP runs with the user\u2019s privileges and is commonly installed on desktops, this makes the bug Important rather than merely Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-10934"
},
{
"category": "external",
"summary": "RHBZ#2407233",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407233"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-10934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-10934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10934"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c",
"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c"
},
{
"category": "external",
"summary": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/"
}
],
"release_date": "2025-10-29T19:58:55.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T19:44:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22445"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.src",
"AppStream-9.6.0.Z.EUS:gimp-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-debugsource-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-devel-tools-debuginfo-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-2:2.99.8-4.el9_6.3.x86_64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.aarch64",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.i686",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.ppc64le",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.s390x",
"AppStream-9.6.0.Z.EUS:gimp-libs-debuginfo-2:2.99.8-4.el9_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.