How to fix EUVD-2025-18287?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Integer Overflow affected by EUVD-2025-18287?

Organizations using A flaw should be aware of moderate risk from CVE-2025-6035, a integer overflow vulnerability rated CVSS 6.1. Exploitation could cause memory corruption or application crashes. Organizations should apply vendor updates when available and monitor for exploitation.

EUVD-2025-18287

| CVE-2025-6035 MEDIUM

2025-06-13 [email protected]

6.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 21:34 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:34 euvd

EUVD-2025-18287

CVE Published

Jun 13, 2025 - 16:15 nvd

MEDIUM 6.1

Description

A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.

Analysis

Technical Context

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

Affected Products

Affected products: Gimp Gimp 2.8.0

Remediation

Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +30

POC: 0

Vendor Status

Ubuntu

Priority: Medium

gimp

Release	Status	Version
bionic	released	2.8.22-1ubuntu0.1~esm3
focal	released	2.10.18-1ubuntu0.1+esm3
plucky	ignored	end of life, was needs-triage
jammy	released	2.10.30-1ubuntu0.1+esm3
upstream	released	3.0.4-2
oracular	ignored	end of life, was needs-triage
questing	not-affected	3.0.4-2
noble	released	2.10.36-3ubuntu0.24.04.1+esm3
xenial	released	2.8.16-1ubuntu1.1+esm3

USN-8082-1

Debian

gimp

Release	Status	Fixed Version	Urgency
bullseye	fixed	2.10.22-4+deb11u3	-
bullseye (security)	fixed	2.10.22-4+deb11u7	-
bookworm	fixed	2.10.34-1+deb12u4	-
bookworm (security)	fixed	2.10.34-1+deb12u9	-
trixie (security), trixie	fixed	3.0.4-3+deb13u7	-
forky, sid	fixed	3.2.0~RC3-1	-
(unstable)	fixed	3.0.4-2	-

DLA-4342-1 DSA-6043-1

EUVD-2025-18287 vulnerability details – vuln.today

Back

EUVD-2025-18287

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-18287

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code