CNNVD-202510-3956 Information

CNNVD ID

CNNVD-202510-3956

CVE-2025-10920

  • CNNVD Published: 2025-10-29

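Description (Chinese, translated)

GIMP is an open-source bitmap image editor from the GIMP team. GIMP has a buffer error vulnerability that stems from a lack of proper validation of user-supplied data during ICNS file parsing, which may lead to an out-of-bounds write and thereby to execution of arbitrary code in the context of the current process.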

Description (English)

GIMP is an open-source bitmap image editor from the GIMP team. GIMP has a buffer error vulnerability that stems from a lack of proper validation of user-supplied data during the parsing of ICNS files, which may lead to an out-of-bounds write and thus to execution of arbitrary code in the context of the current process.

Hazard Level

Medium

Vulnerability Type

Buffer error

Affected Vendor

GIMP

Published

2025-10-29

Last Modified

2026-02-24

References

  • https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2443
  • https://www.zerodayinitiative.com/advisories/ZDI-25-909/
  • https://vigilance.fr/vulnerability/GIMP-buffer-overflow-via-ICNS-File-48308

Patch

https://www.gimp.org/
