CNNVD-202510-3974 Information

CNNVD ID

CNNVD-202510-3974

CVE-2025-10923

  • CNNVD Published: 2025-10-29

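Description (translated from Chinese)

GIMP is an open-source bitmap image editor from the GIMP team. GIMP contains an input validation vulnerability that stems from a lack of proper validation of user-supplied data when parsing WBMP files, which can lead to an integer overflow and, in turn, arbitrary code execution in the context of the current process.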

Description (English)

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has an input validation vulnerability that stems from the lack of proper validation of user-supplied data when parsing WBMP files, which may result in an integer overflow and allow execution of arbitrary code in the context of the current process.

Hazard Level

Medium

Vulnerability Type

Input validation error

Affected Vendor

GIMP

Published

2025-10-29

Last Modified

2026-02-24

References

  • https://www.zerodayinitiative.com/advisories/ZDI-25-912/
  • https://gitlab.gnome.org/GNOME/gimp/-/commit/2d2d39f3da1d0b01ca7d71ad2b7a8725ee92ed96
  • https://vigilance.fr/vulnerability/GIMP-integer-overflow-via-WBMP-File-48311

Patch

https://www.gimp.org/
