[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-10920/gimp

Sat Sep 27 13:18:17 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
856ffe7c by Salvatore Bonaccorso at 2025-09-27T14:17:39+02:00
Update status for CVE-2025-10920/gimp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -410,8 +410,11 @@ CVE-2025-10922 [ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3
 CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]
 	- gimp <unfixed>
+	[bookworm] - gimp <not-affected> (Vulnerable code not present)
+	[bullseye] - gimp <not-affected> (Vulnerable code not present)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14818
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2443
+	NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8 (GIMP_2_99_14)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/5f4329d324b0db7a857918941ef7e1d27f3d3992
 CVE-2025-10921 [GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
 	- gegl <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/856ffe7cc5271adbe54163347e5eb83145b1bf88

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/856ffe7cc5271adbe54163347e5eb83145b1bf88
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250927/5771675d/attachment-0001.htm>
