CVE-2025-48797 - Vulnerability Details

A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
gimp:2.8-8100020250614205641.4c9c024f	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:9165	2025-06-17T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
gimp:2.8-8020020250618101631.c3a0935b	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:9310	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
gimp:2.8-8040020250618100956.70584597	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:9308	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
gimp:2.8-8060020250618100419.6af1eaf0	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:9309	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
gimp:2.8-8060020250618100419.6af1eaf0	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:9309	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
gimp:2.8-8060020250618100419.6af1eaf0	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:9309	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 9
gimp-2:2.99.8-4.el9_6.2	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:9162	2025-06-17T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
gimp-2:2.99.8-3.el9_0.1	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:9315	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
gimp-2:2.99.8-4.el9_2.1	cpe:/a:redhat:rhel_e4s:9.2	RHSA-2025:9314	2025-06-23T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
gimp-2:2.99.8-4.el9_4.1	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:9316	2025-06-23T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:9162
https://access.redhat.com/errata/RHSA-2025:9165
https://access.redhat.com/errata/RHSA-2025:9308
https://access.redhat.com/errata/RHSA-2025:9309
https://access.redhat.com/errata/RHSA-2025:9310
https://access.redhat.com/errata/RHSA-2025:9314
https://access.redhat.com/errata/RHSA-2025:9315
https://access.redhat.com/errata/RHSA-2025:9316
https://access.redhat.com/security/cve/CVE-2025-48797
https://bugzilla.redhat.com/show_bug.cgi?id=2368558
https://nvd.nist.gov/vuln/detail/CVE-2025-48797
https://www.cve.org/CVERecord?id=CVE-2025-48797

History

Mon, 23 Jun 2025 14:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_e4s:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.6

Mon, 23 Jun 2025 06:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/a:redhat:rhel_tus:8.6::appstream
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:9308 https://access.redhat.com/errata/RHSA-2025:9309 https://access.redhat.com/errata/RHSA-2025:9310 https://access.redhat.com/errata/RHSA-2025:9314 https://access.redhat.com/errata/RHSA-2025:9315 https://access.redhat.com/errata/RHSA-2025:9316

Tue, 17 Jun 2025 16:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9

Tue, 17 Jun 2025 09:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream
References		https://access.redhat.com/errata/RHSA-2025:9165

Tue, 17 Jun 2025 09:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream
References		https://access.redhat.com/errata/RHSA-2025:9162

Tue, 27 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 27 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.
Title	gimp: Multiple heap buffer overflows in TGA parser	Gimp: multiple heap buffer overflows in tga parser
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2025-48797 https://bugzilla.redhat.com/show_bug.cgi?id=2368558

Tue, 27 May 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		gimp: Multiple heap buffer overflows in TGA parser
Weaknesses		CWE-122
References		https://nvd.nist.gov/vuln/detail/CVE-2025-48797 https://www.cve.org/CVERecord?id=CVE-2025-48797
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}` threat_severity `Important`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-05-27T14:04:57.389Z

Updated: 2025-06-23T06:31:08.781Z

Reserved: 2025-05-26T10:51:51.496Z

Link: CVE-2025-48797

Vulnrichment

Updated: 2025-05-27T14:22:38.245Z

NVD

Status : Awaiting Analysis

Published: 2025-05-27T14:15:24.140

Modified: 2025-06-23T07:15:19.273

Link: CVE-2025-48797

Redhat

Severity : Important

Publid Date: 2025-05-26T00:00:00Z

Links: CVE-2025-48797 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object