CVE-2025-48797

Summary

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.

Affected Software

VendorProductVersion RangeStatus
0 < 3.0.0affected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support2:2.8.22-1.el7_9.2 < *unaffected
Red HatRed Hat Enterprise Linux 88100020250614205641.4c9c024f < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support8020020250618101631.c3a0935b < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support8040020250618100956.70584597 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support8060020250618100419.6af1eaf0 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service8060020250618100419.6af1eaf0 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions8060020250618100419.6af1eaf0 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service8080020250623120629.0621e4ee < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions8080020250623120629.0621e4ee < *unaffected
Red HatRed Hat Enterprise Linux 92:2.99.8-4.el9_6.2 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions2:2.99.8-3.el9_0.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions2:2.99.8-4.el9_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support2:2.99.8-4.el9_4.1 < *unaffected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow

Workarounds

Currently no mitigation is available for this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References