CVE-2025-48797

EUVD-2025-16288
A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Debian logo
Debian Releases
Debian Product
Codename
gimp
bookworm
2.10.34-1+deb12u10
fixed
bookworm (security)
2.10.34-1+deb12u10
fixed
bullseye
vulnerable
bullseye (security)
2.10.22-4+deb11u8
fixed
forky
3.2.4-2
fixed
sid
3.2.4-2
fixed
trixie
3.0.4-3+deb13u8
fixed
trixie (security)
3.0.4-3+deb13u8
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gimp
suse enterprise desktop 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise desktop 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP7
2.10.30-150400.3.20.1
fixed
gimp-devel
suse enterprise desktop 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise desktop 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP7
2.10.30-150400.3.20.1
fixed
gimp-lang
suse enterprise desktop 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise desktop 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP7
2.10.30-150400.3.20.1
fixed
libgimp-2_0-0
suse enterprise desktop 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise desktop 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP7
2.10.30-150400.3.20.1
fixed
libgimpui-2_0-0
suse enterprise desktop 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise desktop 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise sap 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise server 15 SP7
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP6
2.10.30-150400.3.20.1
fixed
suse enterprise workstation 15 SP7
2.10.30-150400.3.20.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gimp
RHEL 9
2:2.99.8-4.el9_6.2
fixed
gimp-libs
RHEL 9
2:2.99.8-4.el9_6.2
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:9162
https://access.redhat.com/errata/RHSA-2025:9165
https://access.redhat.com/errata/RHSA-2025:9308
https://access.redhat.com/errata/RHSA-2025:9309
https://access.redhat.com/errata/RHSA-2025:9310
https://access.redhat.com/errata/RHSA-2025:9314
https://access.redhat.com/errata/RHSA-2025:9315
https://access.redhat.com/errata/RHSA-2025:9316
https://access.redhat.com/errata/RHSA-2025:9501
https://access.redhat.com/errata/RHSA-2025:9569
https://access.redhat.com/security/cve/CVE-2025-48797
https://bugzilla.redhat.com/show_bug.cgi?id=2368558
https://gitlab.gnome.org/GNOME/gimp/-/issues/11822
https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html