CNNVD-202510-3958 Information

CNNVD ID

CNNVD-202510-3958

Related CVE

CVE-2025-10921

• CNNVD Published: 2025-10-29

Description (Chinese)

GIMP是GIMP团队的一款开源的位图图像编辑器。 GIMP存在安全漏洞，该漏洞源于解析HDR文件时未正确验证用户提供数据的长度，可能导致堆缓冲区溢出和远程代码执行。

Description (English)

GIMP is an open-source bitmap image editor for the GIMP team. GIP has a security loophole, which stems from the incorrect verification of the length of data provided by users when the HDR file is deciphered, which may lead to spills over the buffer zone and remote code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

GIMP

Published

2025-10-29

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-910/ https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f https://vigilance.fr/vulnerability/GIMP-buffer-overflow-via-HDR-File-48309

Patch

https://www.gimp.org/