[Git][security-tracker-team/security-tracker][master] Add ZDI references for recent gimp issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 10 11:23:49 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e9c3d65 by Salvatore Bonaccorso at 2025-10-10T12:23:12+02:00
Add ZDI references for recent gimp issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5392,6 +5392,7 @@ CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer Overflo
 	- gimp <unfixed> (unimportant)
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present)
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-914/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14816
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2450
 	NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/222bef78c71ed8562a610f6863d56c0b3e2bef68 (GIMP_2_99_16)
@@ -5402,6 +5403,7 @@ CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote Code
 	- gimp 3.0.4-6.1 (bug #1116461)
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present)
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-913/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14813
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448
 	NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/d1864866ee051160d06417d82b45bb22b11f0d28 (GIMP_2_99_18)
@@ -5411,6 +5413,7 @@ CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote Co
 	- gimp 3.0.4-6.1 (bug #1116460)
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present)
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-912/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14812
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2445
 	NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/d1fac7bfa916495943472dfb12b1dd33307c65e8 (GIMP_2_99_12)
@@ -5418,6 +5421,7 @@ CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote Co
 CVE-2025-10922 [ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
 	{DSA-6014-1}
 	- gimp 3.0.4-6.1 (bug #1116459)
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-911/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2444
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3
@@ -5426,6 +5430,7 @@ CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write Remote
 	- gimp 3.0.4-6.1 (bug #1116458)
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present)
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-909/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14818
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2443
 	NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8 (GIMP_2_99_14)
@@ -5433,6 +5438,7 @@ CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write Remote
 CVE-2025-10921 [GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
 	{DSA-6018-1}
 	- gegl 1:0.4.62-3.1 (bug #1116470)
+	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-910/
 	NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/430
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f
 CVE-2025-9985 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e9c3d65c20da7adf411067fdc8186eb80d9d03a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e9c3d65c20da7adf411067fdc8186eb80d9d03a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251010/83d4c0cc/attachment.htm>

More information about the debian-security-tracker-commits mailing list