GIMP Image Editor Vulnerability Lets Remote Attackers Execute Arbitrary Code
Author: Guru Baran
Two critical security vulnerabilities discovered in the popular GIMP image editing software have been disclosed. These vulnerabilities allow remote attackers to execute arbitrary code on affected systems.
The vulnerabilities, identified as CVE-2025-2760 and CVE-2025-2761, were publicly disclosed on April 7th, 2025, and affect GIMP installations prior to version 3.0.0.
Both flaws require user interaction, specifically opening malicious files or visiting compromised web pages, to trigger successful exploitation.
The vulnerabilities were discovered by security researcher Michael Randrianantenaina and reported through the Zero Day Initiative (ZDI).
Each vulnerability carries a CVSS v3.0 base score of 7.8, classified as “High” severity with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating significant potential impacts on system confidentiality, integrity, and availability.
XWD File Parsing Integer Overflow Vulnerability
CVE-2025-2760 represents a critical flaw in GIMP’s XWD file parsing functionality, stemming from insufficient validation of user-supplied data that can result in an integer overflow condition before buffer allocation.
The specific technical issue occurs during the parsing of X Window Dump (XWD) files, where the lack of proper input validation allows attackers to manipulate data structures before memory allocation occurs.
This integer overflow condition can be leveraged by attackers to execute arbitrary code within the context of the current GIMP process, potentially compromising the entire system depending on user privileges.
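The bug class described above, shown as an added example that is not GIMP's code and does not reproduce the actual defect (the article does not say which header fields are involved). It assumes the XWD header layout from X11's XWDFile.h; the function names are hypothetical, and the sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define XWD_HDR 100u /* 25 big-endian 32-bit fields, per X11's XWDFile.h */

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked pattern: the 32-bit product silently wraps before allocation. */
uint32_t unchecked_size(uint32_t bytes_per_line, uint32_t height) {
    return bytes_per_line * height;
}

/* Checked pattern: 0 and *out set on success, -1 if the header is rejected.
 * buf/len is the whole file as read from disk. */
int xwd_image_size(const unsigned char *buf, size_t len, size_t *out) {
    if (len < XWD_HDR || be32(buf + 4) != 7)        /* file_version */
        return -1;
    uint64_t hdr = be32(buf), ncolors = be32(buf + 76);
    uint64_t width = be32(buf + 16), height = be32(buf + 20);
    uint64_t bpp = be32(buf + 44), bpl = be32(buf + 48);
    if (hdr < XWD_HDR || width == 0 || height == 0 || bpp == 0 || bpp > 32)
        return -1;
    if (bpl < (width * bpp + 7) / 8)                /* row too short for width */
        return -1;
    /* Both factors are below 2^32, so the 64-bit product cannot wrap. */
    uint64_t pixels = bpl * height;
    if (pixels > len || hdr + ncolors * 12 > len - pixels)
        return -1;                                  /* data must exist in file */
    *out = (size_t)pixels;
    return 0;
}

/* Runs the check on a constructed version-7, 32-bpp header followed by
 * `data` zero bytes (at most 64); returns the size, or -1 when rejected. */
long long check_sample(uint32_t w, uint32_t h, uint32_t bpl, size_t data) {
    unsigned char buf[XWD_HDR + 64] = {0};
    uint32_t f[25] = {0};
    size_t out = 0;
    if (data > 64) return -1;
    f[0] = XWD_HDR; f[1] = 7; f[4] = w; f[5] = h; f[11] = 32; f[12] = bpl;
    for (int i = 0; i < 25; i++)
        for (int b = 0; b < 4; b++)
            buf[4 * i + b] = (unsigned char)(f[i] >> (24 - 8 * b));
    return xwd_image_size(buf, XWD_HDR + data, &out) == 0 ? (long long)out : -1;
}
```

Bounding the computed size by the bytes actually present in the file rejects oversized dimensions without needing an arbitrary maximum image size.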
FLI File Processing Out-of-Bounds Write Flaw
The second vulnerability, CVE-2025-2761, affects GIMP’s FLI file parsing mechanism and involves an out-of-bounds write condition.
This flaw arises from insufficient validation of user-supplied data during FLI file processing, which can result in write operations beyond the boundaries of allocated memory buffers.
The vulnerability was reported to the vendor on March 9th, 2025, and allows attackers to craft malicious FLI (FLIC animation) files that trigger the out-of-bounds write when processed by GIMP.
Successful exploitation enables remote code execution in the context of the current process, giving attackers the same privileges as the user running GIMP.
Mitigation
Both vulnerabilities have been addressed in GIMP version 3.0.0, which was released on March 16th, 2025, approximately three weeks before the public disclosure.
The GIMP development team implemented proper input validation mechanisms to prevent integer overflow conditions and out-of-bounds write operations in file parsing routines.
Security vendors have begun releasing patches for their respective distributions. SUSE issued a security update on May 13th, 2025, specifically addressing CVE-2025-2761 for SUSE Linux Enterprise Server environments.
Amazon Linux has classified both vulnerabilities in their security advisory system, with Amazon Linux 2 GIMP Extra packages marked as “Not Affected”.
Users are strongly advised to upgrade to GIMP 3.0.0 or later versions immediately to mitigate these vulnerabilities.
Organizations should also implement security awareness training to educate users about the risks of opening untrusted image files, as both vulnerabilities require user interaction for successful exploitation.