| Name | CVE-2025-48798 |
| Description | A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-4342-1, DSA-5939-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gimp (PTS) | bullseye | 2.10.22-4+deb11u2 | vulnerable |
| bullseye (security) | 2.10.22-4+deb11u4 | fixed | |
| bookworm | 2.10.34-1+deb12u3 | fixed | |
| bookworm (security) | 2.10.34-1+deb12u5 | fixed | |
| trixie | 3.0.4-3 | fixed | |
| trixie (security) | 3.0.4-3+deb13u2 | fixed | |
| forky | 3.0.4-6.1 | fixed | |
| sid | 3.0.4-6.2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gimp | source | bullseye | 2.10.22-4+deb11u3 | DLA-4342-1 | ||
| gimp | source | bookworm | 2.10.34-1+deb12u3 | DSA-5939-1 | ||
| gimp | source | (unstable) | 3.0.0~RC1-4 |
https://bugzilla.redhat.com/show_bug.cgi?id=2368557
https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/7d949423ed2231dd463968d86b58e0a3e01e6266 (GIMP_3_0_0_RC1)
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fe26086e16943860f3852120f546ce913a7a73ee (GIMP_3_0_0_RC1)
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/e7523ed41271e48a909011b8598d496c1be642e2 (GIMP_3_0_0_RC2)
Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/ebf0b569a63f15b5dc7532f16936104af1e09f02 (gimp-2-10)
"xcf-load: avoid use-after-free for layers with multiple PROP_ACTIVE_LAYER" not needed in 2.10, which only supports one layer