Heap Buffer Overflow in GIMP Due to Vulnerable TGA Image Processing
CVE-2025-48797

7.3HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Vendor: CVE Published:; 27 May 2025

🔔 Create Red Hat Vulnerability Alert

What is CVE-2025-48797?

A vulnerability exists in GIMP related to the processing of specially crafted TGA image files. When a user opens an affected TGA file, GIMP may experience significant memory errors that could lead to crashes and potentially a heap buffer overflow. This flaw opens avenues for attackers to exploit the software, thereby compromising system stability and security.

Affected Version(s)

Red Hat Enterprise Linux 7 Extended Lifecycle Support 2:2.8.22-1.el7_9.2

Red Hat Enterprise Linux 8 8100020250614205641.4c9c024f

Red Hat Enterprise Linux 8.2 Advanced Update Support 8020020250618101631.c3a0935b

References

https://access.redhat.com/errata/RHSA-2025:9162

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:9165

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2025:9308

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2025
Vulnerability Reserved
May 26, 2025

.

CVE-2025-48797 : Heap Buffer Overflow in GIMP Due to Vulnerable TGA Image Processing