CVE-2025-5473

EUVD-2025-17358 | HIGH 8.8 (CVSS 3.1)
2025-06-06

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), patch available
Analysis Generated: Mar 14, 2026 - 18:10 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 18:10 (euvd), EUVD-2025-17358
CVE Published: Jun 06, 2025 - 19:15 (nvd), HIGH 8.8

Description

GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.

Analysis

Critical remote code execution vulnerability in GIMP's ICO file parser caused by an integer overflow (CWE-190) that lacks proper input validation. This vulnerability affects GIMP users who open malicious ICO files or visit attacker-controlled pages serving malicious images, allowing arbitrary code execution with user privileges. The CVSS score of 8.8 reflects high severity with network-accessible attack vector and required user interaction; exploitation status and active weaponization details require cross-reference with KEV/EPSS data.

Technical Context

The vulnerability exists in GIMP's image file parsing subsystem, specifically the ICO (Windows Icon) format handler. ICO files are structured image containers typically used for application icons but supported by many graphics applications including GIMP. The flaw results from insufficient validation of integer values during ICO header/metadata parsing, leading to an integer overflow condition (CWE-190: Integer Overflow or Wraparound). When processing a maliciously crafted ICO file with specially designed header fields, integer arithmetic overflows occur before memory write operations, corrupting the heap and enabling arbitrary code execution. The vulnerability was discovered and tracked by Zero Day Initiative (ZDI-CAN-26752) before CVE assignment, indicating third-party security research validation.
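To make the mechanism concrete, here is an added example in C that is not GIMP's code and not part of the original advisory: a hypothetical ICO decoder's pixel-buffer size computation, first in the CWE-190 form the text describes (32-bit arithmetic that wraps before the allocation), then hardened with checked arithmetic and a cross-check against the resource size. The struct, function names and field limits are assumptions, and the header values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical, simplified view of the header fields an ICO decoder reads before
 * allocating its pixel buffer (constructed for this example, not GIMP's code). */
typedef struct {
    uint32_t width;        /* biWidth from the embedded BITMAPINFOHEADER */
    uint32_t height;       /* biHeight (covers the XOR and AND mask rows) */
    uint16_t bpp;          /* biBitCount: 1, 4, 8, 16, 24 or 32 */
    uint32_t bytes_in_res; /* dwBytesInRes from the ICONDIRENTRY */
} ico_entry_t;
/* CWE-190 pattern: the 32-bit product wraps silently, so a crafted header can
 * make this return a tiny size while the decoder later writes w*h pixels. */
uint32_t ico_buffer_size_unchecked(const ico_entry_t *e)
{
    return e->width * e->height * (uint32_t)(e->bpp / 8);
}
/* Hardened version: validate the fields, check every multiplication with the
 * GCC/Clang overflow builtins, and bound the result by the bytes actually
 * present in the resource. Returns false on any inconsistency. */
bool ico_buffer_size_checked(const ico_entry_t *e, size_t *out)
{
    size_t bits_per_row, stride, total;
    if (e->width == 0 || e->height == 0)
        return false;
    if (e->bpp != 1 && e->bpp != 4 && e->bpp != 8 &&
        e->bpp != 16 && e->bpp != 24 && e->bpp != 32)
        return false;
    /* BMP rows are padded to 4 bytes: stride = ((w * bpp + 31) / 32) * 4 */
    if (__builtin_mul_overflow((size_t)e->width, (size_t)e->bpp, &bits_per_row) ||
        __builtin_add_overflow(bits_per_row, (size_t)31, &bits_per_row))
        return false;
    stride = (bits_per_row / 32) * 4;
    if (__builtin_mul_overflow(stride, (size_t)e->height, &total))
        return false;
    if (total > e->bytes_in_res) /* pixel data cannot exceed its container */
        return false;
    *out = total;
    return true;
}
int main(void)
{
    ico_entry_t bad = { 65536u, 65536u, 32, 4096u }; /* constructed: 2^32 pixels */
    size_t n = 0;
    printf("unchecked: %u bytes, checked: %s\n",
           (unsigned)ico_buffer_size_unchecked(&bad),
           ico_buffer_size_checked(&bad, &n) ? "accepted" : "rejected");
    return 0;
}
```

The unchecked path yields an allocation of 0 bytes for a header that declares 2^32 pixels, which is exactly the small-buffer/large-write condition the advisory describes; the checked path rejects the same header.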

Affected Products

GIMP (GNU Image Manipulation Program) – specific version range not provided in description but typically includes recent stable and development releases. CPE likely includes: cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:* with version constraints to be determined from official GIMP advisories. Affected platforms: Windows, macOS, Linux (all supported by GIMP). The vulnerability impacts all GIMP installations with the vulnerable ICO parser code path enabled (default installation). Related products parsing ICO files through shared libraries or similar logic may also be affected but are not explicitly mentioned.

Remediation

Immediate action: (1) Upgrade GIMP to patched version—consult official GIMP advisory (gimp.org/news) for specific version numbers and availability; (2) Until patching is possible, avoid opening ICO files from untrusted sources and disable ICO format support if feasible through preferences; (3) Monitor GIMP project communications for security updates; (4) For enterprise deployments, restrict GIMP usage to trusted image sources and consider network-level controls blocking ICO file downloads from external sources. Vendor patch availability and version numbers must be obtained from official GIMP security advisories, which would typically be published at gimp.org and coordinated with security mailing lists. No specific patched version provided in description—consult ZDI disclosure timeline and GIMP official sources.

Priority Score

45 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.6
CVSS: +44
POC: 0

Vendor Status

Ubuntu

Priority: Medium
Package: gimp

Release    Status        Version
upstream   released      3.0.2-3.1
bionic     released      2.8.22-1ubuntu0.1~esm3
focal      released      2.10.18-1ubuntu0.1+esm3
jammy      released      2.10.30-1ubuntu0.1+esm3
noble      released      2.10.36-3ubuntu0.24.04.1+esm3
oracular   ignored       end of life, was needs-triage
questing   not-affected  3.0.4-3
plucky     ignored       end of life, was needs-triage
xenial     released      2.8.16-1ubuntu1.1+esm3

Debian

Bug #1105005
Package: gimp

Release                    Status  Fixed Version        Urgency
bullseye                   fixed   2.10.22-4+deb11u3    -
bullseye (security)        fixed   2.10.22-4+deb11u6    -
bookworm                   fixed   2.10.34-1+deb12u3    -
bookworm (security)        fixed   2.10.34-1+deb12u9    -
trixie (security), trixie  fixed   3.0.4-3+deb13u7      -
forky, sid                 fixed   3.2.0~RC3-1          -
(unstable)                 fixed   3.0.2-3.1            -


CVE-2025-5473 vulnerability details – vuln.today
