Bug#1116470: gegl: CVE-2025-10921
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 27 19:44:31 BST 2025
Source: gegl
Version: 1:0.4.62-2
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gegl/-/issues/430
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for gegl.
CVE-2025-10921[0]:
| GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability
I'm not sure on the exploitability, making it RC to be on the safe side.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-10921
https://www.cve.org/CVERecord?id=CVE-2025-10921
[1] https://gitlab.gnome.org/GNOME/gegl/-/issues/430
[2] https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore