| Name | CVE-2025-48797 |
| Description | A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gimp (PTS) | bullseye | 2.10.22-4+deb11u2 | vulnerable |
| bullseye (security) | 2.10.22-4+deb11u1 | vulnerable | |
| bookworm | 2.10.34-1+deb12u2 | vulnerable | |
| bookworm (security) | 2.10.34-1+deb12u1 | vulnerable | |
| sid, trixie | 3.0.2-3.1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gimp | source | (unstable) | 3.0.0~RC1-4 |
https://bugzilla.redhat.com/show_bug.cgi?id=2368558
https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/49755f085a6fcc9c692b14e67856e91a79245688 (GIMP_3_0_0_RC1)
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/723d383e57e8f599c4a44ab8541ea6902e29579e (GIMP_3_0_0_RC1)
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/2ba35e5b3d43d881b0623f47b8068d9ee19d1d70 (GIMP_3_0_0_RC1)
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/1f062867172d5c68b858a6efa3011686aa32bb38 (GIMP_3_0_0_RC1)