Skip to main content

Gimp EUVD-2025-17358

| CVE-2025-5473 HIGH
Integer Overflow or Wraparound (CWE-190)
2025-06-06 zdi-disclosures@trendmicro.com
RCE Gimp Red Hat Suse
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative
SUSE
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Red Hat
7.8 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 14, 2026 - 18:10 euvd
EUVD-2025-17358
Analysis Generated
Mar 14, 2026 - 18:10 vuln.today
CVE Published
Jun 06, 2025 - 19:15 nvd
HIGH 8.8

DescriptionCVE.org

GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.

AnalysisAI

Critical remote code execution vulnerability in GIMP's ICO file parser caused by an integer overflow (CWE-190) that lacks proper input validation. This vulnerability affects GIMP users who open malicious ICO files or visit attacker-controlled pages serving malicious images, allowing arbitrary code execution with user privileges. The CVSS score of 8.8 reflects high severity with network-accessible attack vector and required user interaction; exploitation status and active weaponization details require cross-reference with KEV/EPSS data.

Technical ContextAI

The vulnerability exists in GIMP's image file parsing subsystem, specifically the ICO (Windows Icon) format handler. ICO files are structured image containers typically used for application icons but supported by many graphics applications including GIMP. The flaw results from insufficient validation of integer values during ICO header/metadata parsing, leading to an integer overflow condition (CWE-190: Integer Overflow or Wraparound). When processing a maliciously crafted ICO file with specially designed header fields, integer arithmetic overflows occur before memory write operations, corrupting the heap and enabling arbitrary code execution. The vulnerability was discovered and tracked by Zero Day Initiative (ZDI-CAN-26752) before CVE assignment, indicating third-party security research validation.

RemediationAI

Immediate action: (1) Upgrade GIMP to patched version—consult official GIMP advisory (gimp.org/news) for specific version numbers and availability; (2) Until patching is possible, avoid opening ICO files from untrusted sources and disable ICO format support if feasible through preferences; (3) Monitor GIMP project communications for security updates; (4) For enterprise deployments, restrict GIMP usage to trusted image sources and consider network-level controls blocking ICO file downloads from external sources. Vendor patch availability and version numbers must be obtained from official GIMP security advisories, which would typically be published at gimp.org and coordinated with security mailing lists. No specific patched version provided in description—consult ZDI disclosure timeline and GIMP official sources.

More from same product – last 7 days

CVE-2026-2049 HIGH
7.8 Jun 10

Arbitrary code execution in GIMP via malicious HDR (High Dynamic Range) image files allows attackers to run code in the

Vendor StatusVendor

Ubuntu

Priority: Medium
gimp
Release Status Version
upstream released 3.0.2-3.1
bionic released 2.8.22-1ubuntu0.1~esm3
focal released 2.10.18-1ubuntu0.1+esm3
jammy released 2.10.30-1ubuntu0.1+esm3
noble released 2.10.36-3ubuntu0.24.04.1+esm3
oracular ignored end of life, was needs-triage
questing not-affected 3.0.4-3
plucky ignored end of life, was needs-triage
xenial released 2.8.16-1ubuntu1.1+esm3
USN-8082-1

Debian

Bug #1105005
gimp
Release Status Fixed Version Urgency
bullseye fixed 2.10.22-4+deb11u3 -
bullseye (security) fixed 2.10.22-4+deb11u6 -
bookworm fixed 2.10.34-1+deb12u3 -
bookworm (security) fixed 2.10.34-1+deb12u9 -
trixie (security), trixie fixed 3.0.4-3+deb13u7 -
forky, sid fixed 3.2.0~RC3-1 -
(unstable) fixed 3.0.2-3.1 -
DLA-4342-1 DSA-5939-1

SUSE

Severity: High
Product Status
SUSE Liberty Linux 7 LTSS Fixed
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 Fixed

Share

EUVD-2025-17358 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy