CVE-2025-6035

Medium CVSS: 6.1

A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.

Vendor

Gimp

Product

Gimp

CWE

CWE-190

Yayın Tarihi

2025-06-13 16:15:28

Güncelleme

2026-03-19 18:16:15

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-190 Gimp MEDIUM Gimp 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-6035 https://bugzilla.redhat.com/show_bug.cgi?id=2372515 https://gitlab.gnome.org/GNOME/gimp/-/issues/13518 https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html

Benzer Kayıtlar

Low

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing…

Medium

CVE-2026-2272

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the…

High

CVE-2026-2047

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote…

High

CVE-2026-2048

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attacker…

High

CVE-2026-2044

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attacke…

High

CVE-2026-2045

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attacker…