[Git][security-tracker-team/security-tracker][master] Mark CVE-2025-14424 (gimp) as not affecting bullseye

[Andreas Henriksson (@ah)]

Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6930afea by Andreas Henriksson at 2026-01-02T14:15:25+01:00
Mark CVE-2025-14424 (gimp) as not affecting bullseye

Probably none of the 2.10.x releases (in <= bullseye), but only tested
bullseye....

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4638,6 +4638,7 @@ CVE-2025-14425 (GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Exe
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd (GIMP_3_2_0_RC1)
 CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerabili ...)
 	- gimp 3.2.0~RC2-1
+	[bullseye] - gimp <not-affected> (Vulnerable code not present, poc handled correctly)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1138/
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15288
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd (GIMP_3_2_0_RC1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6930afea7cf01d1fe437d9719f9d6c86cd5761b9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6930afea7cf01d1fe437d9719f9d6c86cd5761b9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260102/0db29541/attachment.htm>