CNNVD-202512-4055 Information
Dec 23, 2025
CNNVD ID
CNNVD-202512-4055
Related CVE
-
CNNVD Published
2025-12-23
Description
GIMP is an open-source bitmap image editor from the GIMP team. GIMP contains a security vulnerability that stems from a lack of proper validation of the length of user-supplied data before it is copied to a heap buffer when parsing JP2 files, which may lead to a heap buffer overflow and remote code execution.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
GIMP
Published
2025-12-23
Last Modified
2026-02-24
References
https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd
https://www.zerodayinitiative.com/advisories/ZDI-25-1139/