Fluid Attacks Database

Description

A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	gimp	>=0 <3.0.0~rc1-4	3.0.0~rc1-4
debian 14	gimp	>=0 <3.0.0~rc1-4	3.0.0~rc1-4
rpm rhel9	gimp	-	-
rpm rhel6	gimp	-	-

Aliases

1. CVE-2025-487962. NVD-2025-487963. OSV-DEBIAN-2025-487964. OSV-2025-487965. SECURITY-TRACKER-CVE-2025-48796

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.