[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-10924/gimp
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 27 13:07:35 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3fc65e8a by Salvatore Bonaccorso at 2025-09-27T14:06:44+02:00
Update status for CVE-2025-10924/gimp
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -389,8 +389,11 @@ CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer Overflo
NOTE: Building of optional Plug-In for Amiga IFF/ILBM not enabled.
CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability]
- gimp <unfixed>
+ [bookworm] - gimp <not-affected> (Vulnerable code not present)
+ [bullseye] - gimp <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14813
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448
+ NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/d1864866ee051160d06417d82b45bb22b11f0d28 (GIMP_2_99_18)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/53b18653bca9404efeab953e75960b1cf7dedbed
CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability]
- gimp <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fc65e8ae295ab9a3310234ec87e0274a7198707
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fc65e8ae295ab9a3310234ec87e0274a7198707
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250927/45120629/attachment.htm>
More information about the debian-security-tracker-commits
mailing list