[Git][security-tracker-team/security-tracker][master] Add new gimp issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 26 20:01:07 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61855984 by Salvatore Bonaccorso at 2025-09-26T20:57:12+02:00
Add new gimp issues

Thanks: Sylvain Beucler

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,28 @@
+CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]
+	- gimp <unfixed>
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14816
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2450
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/002b22c15028b18557bd0823a081af9ed5316679
+CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability]
+	- gimp <unfixed>
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14813
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/53b18653bca9404efeab953e75960b1cf7dedbed
+CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability]
+	- gimp <unfixed>
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14812
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2445
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fb31ddf32298bb2f0f09b3ccc53464b8693a050e
+CVE-2025-10922 [ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
+	- gimp <unfixed>
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2444
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3
+CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]
+	- gimp <unfixed>
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14818
+	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2443
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/5f4329d324b0db7a857918941ef7e1d27f3d3992
 CVE-2025-10921 [GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
 	- gegl <unfixed>
 	NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/430



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61855984495947edd2b0d9e0fbaee088a5716d49

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61855984495947edd2b0d9e0fbaee088a5716d49
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250926/8d40cbeb/attachment.htm>

More information about the debian-security-tracker-commits mailing list