CVE-2025-48798

Summary

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

Affected Software

VendorProductVersion RangeStatus
0 < 3.0.0affected
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support2:2.8.22-1.el7_9.2 < *unaffected
Red HatRed Hat Enterprise Linux 88100020250614205641.4c9c024f < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support8020020250618101631.c3a0935b < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support8040020250618100956.70584597 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support8060020250618100419.6af1eaf0 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service8060020250618100419.6af1eaf0 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions8060020250618100419.6af1eaf0 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service8080020250623120629.0621e4ee < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions8080020250623120629.0621e4ee < *unaffected
Red HatRed Hat Enterprise Linux 92:2.99.8-4.el9_6.2 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions2:2.99.8-3.el9_0.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions2:2.99.8-4.el9_2.1 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support2:2.99.8-4.el9_4.1 < *unaffected

Weaknesses

  • CWE-416: Use After Free

Workarounds

No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References