Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-10934
Analyzed
More InfoOfficial Page
Source-zdi-disclosures@trendmicro.com
View Known Exploited Vulnerability (KEV) details
Published At-29 Oct, 2025 | 20:15
Updated At-04 Nov, 2025 | 13:12

GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
GIMP
gimp
>>gimp>>3.0.4
cpe:2.3:a:gimp:gimp:3.0.4:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Secondaryzdi-disclosures@trendmicro.com
CWE ID: CWE-122
Type: Secondary
Source: zdi-disclosures@trendmicro.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7czdi-disclosures@trendmicro.com
Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-978/zdi-disclosures@trendmicro.com
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/11/msg00005.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Hyperlink: https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c
Source: zdi-disclosures@trendmicro.com
Resource:
Patch
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-25-978/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/11/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Change History
0Changes found
Details not found