Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-10922
Analyzed
More InfoOfficial Page
Source-zdi-disclosures@trendmicro.com
View Known Exploited Vulnerability (KEV) details
Published At-29 Oct, 2025 | 20:15
Updated At-04 Nov, 2025 | 13:15

GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27863.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
GIMP
gimp
>>gimp>>3.0.4
cpe:2.3:a:gimp:gimp:3.0.4:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Secondaryzdi-disclosures@trendmicro.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-122
Type: Secondary
Source: zdi-disclosures@trendmicro.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4zdi-disclosures@trendmicro.com
Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-911/zdi-disclosures@trendmicro.com
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Hyperlink: https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4
Source: zdi-disclosures@trendmicro.com
Resource:
Patch
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-25-911/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Change History
0Changes found
Details not found