[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-14424/gimp
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 2 13:44:16 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04cb7d32 by Salvatore Bonaccorso at 2026-01-02T14:43:47+01:00
Update status for CVE-2025-14424/gimp
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4638,9 +4638,11 @@ CVE-2025-14425 (GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Exe
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd (GIMP_3_2_0_RC1)
CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerabili ...)
- gimp 3.2.0~RC2-1
+ [bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present, poc handled correctly)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1138/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15288
+ NOTE: Introduced with: https://gitlab.gnome.org/GNOME/gimp/-/commit/a0fc5a025ae3579609730ebabc3c84146385da76 (GIMP_2_99_10)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd (GIMP_3_2_0_RC1)
CVE-2025-14423 (GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Executio ...)
- gimp 3.2.0~RC2-1 (unimportant)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04cb7d32194659f6e08bf5a879446782fae85a9f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04cb7d32194659f6e08bf5a879446782fae85a9f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260102/d0b3caa0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list