CNNVD-202512-4070 Information

CNNVD ID

CNNVD-202512-4070

CVE-2025-14424

  • CNNVD Published: 2025-12-23

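Description (translated from Chinese)

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP contains a resource management error vulnerability. The flaw stems from a lack of validation that an object exists before operations are performed on it when parsing XCF files, which may lead to use-after-free and remote code execution.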

Description (English)

GIMP is an open-source bitmap image editor from the GIMP team. GIMP has a resource management error vulnerability: when parsing XCF files, it does not verify that an object exists before performing operations on it, which may lead to a use-after-free and remote code execution.

Hazard Level

Medium

Vulnerability Type

Resource management error

Affected Vendor

GIMP

Published

2025-12-23

Last Modified

2026-02-24

References

  • https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd
  • https://www.zerodayinitiative.com/advisories/ZDI-25-1138/
