CNNVD-202510-3955 Information

CNNVD ID

CNNVD-202510-3955

Related CVE

CVE-2025-10924

• CNNVD Published: 2025-10-29

Description (Chinese)

GIMP是GIMP团队的一款开源的位图图像编辑器。 GIMP存在输入验证错误漏洞，该漏洞源于解析FF文件时缺乏对用户提供数据的适当验证，可能导致整数溢出和远程代码执行。

Description (English)

GIMP is an open-source bitmap image editor for the GIMP team. The GIMP has an input validation error loophole, which arises from the lack of proper validation of data provided by users when deciphering FF files, which may result in integer spills and remote code execution.

Hazard Level

Medium

Vulnerability Type

输入验证错误

Affected Vendor

GIMP

Published

2025-10-29

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-913/ https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448 https://vigilance.fr/vulnerability/GIMP-integer-overflow-via-FF-File-48312

Patch

https://www.gimp.org/