Fluid Attacks Database

Description

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	gimp	>=0 <3.0.0~rc1-4	3.0.0~rc1-4
debian 11	gimp	=2.10.22-4 \|\| =2.10.22-4+deb11u1 \|\| =2.10.22-4+deb11u2 \|\| >=0 <2.10.22-4+deb11u3	2.10.22-4+deb11u3
debian 12	gimp	=2.10.34-1 \|\| =2.10.34-1+deb12u1 \|\| =2.10.34-1+deb12u2 \|\| >=0 <2.10.34-1+deb12u3	2.10.34-1+deb12u3
debian 13	gimp	>=0 <3.0.0~rc1-4	3.0.0~rc1-4
rpm rhel7	gimp	-	-
rpm rhel9.4	gimp	<2:2.99.8-4.el9_4.1	2:2.99.8-4.el9_4.1
rpm rhel6	gimp	-	-
rpm rhel8	gimp	<2:2.8.22-26.module+el8.10.0+23269+4b36efb0.2	2:2.8.22-26.module+el8.10.0+23269+4b36efb0.2
rpm rhel9	gimp	<2:2.99.8-4.el9_6.2	2:2.99.8-4.el9_6.2

Aliases

1. CVE-2025-487972. NVD-2025-487973. OSV-DEBIAN-2025-487974. OSV-2025-487975. SECURITY-TRACKER-CVE-2025-48797

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.