Bug 2407199 (CVE-2025-10925)
| Summary: | CVE-2025-10925 gimp: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A stack-based buffer overflow vulnerability exists in the ILBM file parsing functionality of GIMP. When processing a specially crafted ILBM image file, improper validation of user-supplied data length before copying to a stack buffer can lead to memory corruption. Successful exploitation allows an attacker to execute arbitrary code in the context of the current process. User interaction is required, as the victim must open a malicious ILBM file.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2407314, 2407315, 2407316 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-10-29 20:02:28 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:21968 https://access.redhat.com/errata/RHSA-2025:21968 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:22417 https://access.redhat.com/errata/RHSA-2025:22417 |