AI description
CVE-2025-2760 is a remote code execution vulnerability affecting GIMP (GNU Image Manipulation Program) software, specifically within the parsing of XWD files. The vulnerability arises from insufficient validation of user-supplied data, which can lead to an integer overflow during buffer allocation. To exploit this vulnerability, a user must interact with a malicious webpage or open a specially crafted XWD file. Successful exploitation allows an attacker to execute arbitrary code within the context of the current process. GIMP version 3.0.0 addresses this vulnerability.
- Description
- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- zdi-disclosures@trendmicro.com
- CWE-190
- Hype score
- Not currently trending
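Two vulnerabilities with a CVSS score of 7.8 in the image editing software GIMP. CVE-2025-2760 is insufficient validation in the processing of XWD images, leading to an integer overflow before buffer allocation. CVE-2025-2761 is a vulnerability in the parsing of the FLI file format,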
@__kokumoto
28 May 2025
966 Impressions
5 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
Two critical vulnerabilities (CVE-2025-2760, CVE-2025-2761) have been found in GIMP; opening a crafted XWD or FLI image file may allow arbitrary code to be executed remotely. These issues are fixed in GIMP 3.0.0
@01ra66it
27 May 2025
713 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
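Integer overflow vulnerability in GIMP's XWD file processing. CVE-2025-2760 has a CVSS score of 7.8 and allows arbitrary code execution in the context of the current process. User interaction required. https://t.co/u1MIMxfIwK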
@__kokumoto
27 May 2025
678 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
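A serious vulnerability (CVE-2025-2760 and CVE-2025-2761) has been found in the image editing software "GIMP". As a result, simply opening a malicious image file may allow arbitrary code to be executed remotely.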
@yousukezan
27 May 2025
61295 Impressions
805 Retweets
770 Likes
166 Bookmarks
0 Replies
13 Quotes
🚨 CVE-2025-2760 🔴 HIGH (7.8) 🏢 GIMP - GIMP 🏗️ 2.10.38 🔗 https://t.co/aYp2pTRkix #CyberCron #VulnAlert #InfoSec https://t.co/kIr7RAKMZ6
@cybercronai
25 Apr 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2760 GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installatio… https://t.co/eIEUnM46lK
@CVEnew
23 Apr 2025
259 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes