PT-2025-23001 · Gimp+9

Published: 2025-01-01 · Updated: 2026-03-04 · CVE-2025-48798

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GIMP versions prior to the fixed version

Description

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

Recommendations

For GIMP, update to a version that includes the fix for the use-after-free issue in the XCF parser. As a temporary workaround, consider avoiding the use of XCF image files until a patch is available. Restrict access to specially crafted XCF image files to minimize the risk of exploitation.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:9162
ALSA-2025:9165
BDU:2025-09833
CESA-2025_9165
CVE-2025-48798
DLA-4342-1
DSA-5939-1
INFSA-2025_9162
INFSA-2025_9165
MGASA-2026-0012
OESA-2025-1620
RHSA-2025:9162
RHSA-2025:9165
RHSA-2025:9308
RHSA-2025:9309
RHSA-2025:9310
RHSA-2025:9314
RHSA-2025:9315
RHSA-2025:9316
RHSA-2025:9501
RHSA-2025:9569
RHSA-2025_9162
RHSA-2025_9165
SUSE-SU-2025:02164-1
USN-8075-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Gimp
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu