Heap Buffer Overflow in GIMP Due to Vulnerable TGA Image Processing
CVE-2025-48797

7.3HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 27 May 2025

What is CVE-2025-48797?

A vulnerability exists in GIMP related to the processing of specially crafted TGA image files. When a user opens an affected TGA file, GIMP may experience significant memory errors that could lead to crashes and potentially a heap buffer overflow. This flaw opens avenues for attackers to exploit the software, thereby compromising system stability and security.

References

https://access.redhat.com/security/cve/CVE-2025-48797

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2368558

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2025
Vulnerability Reserved
May 26, 2025

Red Hat

What is CVE-2025-48797?

References

CVSS V3.1

Timeline