Stack-based Overflow Vulnerability in GIMP Affecting ANI File Processing
CVE-2025-48796

7.3HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 27 May 2025

What is CVE-2025-48796?

A vulnerability in GIMP has been identified, specifically within the ani_load_image() function, which processes ANI files. This flaw allows a crafted ANI file to result in a stack-based overflow, enabling attackers to execute arbitrary code. Users opening affected ANI files may inadvertently compromise their systems, leading to significant security risks. Mitigation strategies should be implemented to safeguard against potential exploitation.

References

https://access.redhat.com/security/cve/CVE-2025-48796

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2368559

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2025
Vulnerability Reserved
May 26, 2025

Red Hat

What is CVE-2025-48796?

References

CVSS V3.1

Timeline