AI description
CVE-2025-2761 is a remote code execution vulnerability that affects the GIMP software, specifically during the parsing of FLI files. The vulnerability arises due to insufficient validation of user-supplied data, which can lead to an out-of-bounds write. To exploit this vulnerability, an attacker needs to trick a user into opening a malicious FLI file or visiting a malicious page. Successful exploitation of CVE-2025-2761 allows an attacker to execute arbitrary code within the context of the current process. GIMP versions prior to 3.0.0 are affected. Users are advised to upgrade to version 3.0.0 or later, where the vulnerability has been addressed.
- Description: GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.
- Source: zdi-disclosures@trendmicro.com
- NVD status: Awaiting Analysis
CVSS 3.0
- Type: Secondary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- zdi-disclosures@trendmicro.com
- CWE-787
- Hype score: Not currently trending
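Two vulnerabilities with a CVSS score of 7.8 in the image editing software GIMP. CVE-2025-2760 is a validation flaw in the processing of XWD images, leading to an integer overflow before buffer allocation. CVE-2025-2761 is a vulnerability in the parsing of the FLI file format,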
@__kokumoto
28 May 2025
966 Impressions
5 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
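Two critical vulnerabilities (CVE-2025-2760 and CVE-2025-2761) have been found in GIMP; opening a crafted image file in XWD or FLI format may allow arbitrary code to be executed remotely. These issues are fixed in GIMP 3.0.0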
@01ra66it
27 May 2025
713 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
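Serious vulnerabilities (CVE-2025-2760 and CVE-2025-2761) have been found in the image editing software "GIMP". As a result, merely opening a malicious image file may allow arbitrary code to be executed remotely.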
@yousukezan
27 May 2025
61295 Impressions
805 Retweets
770 Likes
166 Bookmarks
0 Replies
13 Quotes
‼️ Critical GIMP Security Alert! ‼️ CVE-2025-2761 allows malicious FLI files to trigger out-of-bounds writes. Affects SUSE/openSUSE systems—patch now! 📌 Fix: zypper in -t patch [version-specific command] 👉 https://t.co/6Eey4HcsVc #InfoSec #LinuxSecurity #GIMP h
@Cezar_H_Linux
17 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2761 🔴 HIGH (7.8) 🏢 GIMP - GIMP 🏗️ 2.10.38 🔗 https://t.co/NDzSTsEeSc #CyberCron #VulnAlert #InfoSec https://t.co/DXFVVy2Pph
@cybercronai
25 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2761 GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installa… https://t.co/KUcYaZ6EVT
@CVEnew
23 Apr 2025
255 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes