PT-2025-23683 · Gimp+9

Michael Randrianantenaina · Published 2025-06-03 · Updated 2026-03-10 · CVE-2025-5473

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GIMP (affected versions not specified)

Description: This issue allows remote attackers to execute arbitrary code on affected installations of GIMP. Exploitation requires user interaction: the victim must visit a malicious page or open a malicious file. The flaw lies in the parsing of ICO files, where user-supplied data is not properly validated, leading to an integer overflow before a write to memory. An attacker can leverage this to execute code in the context of the current process.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: RCE · Integer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2025:9162
ALSA-2025:9165
BDU:2025-11787
CESA-2025_9165
CVE-2025-5473
DLA-4342-1
DSA-5939-1
INFSA-2025_9162
INFSA-2025_9165
OESA-2025-1620
OESA-2025-1621
OESA-2025-1622
RHSA-2025:9162
RHSA-2025:9165
RHSA-2025:9308
RHSA-2025:9309
RHSA-2025:9310
RHSA-2025:9314
RHSA-2025:9315
RHSA-2025:9316
RHSA-2025:9501
RHSA-2025:9569
RHSA-2025_9162
RHSA-2025_9165
SUSE-SU-2025:02100-1
USN-8082-1
ZDI-25-321

Affected Products

AlmaLinux
Astra Linux
CentOS
Debian
GIMP
Linux Mint
Red Hat
RED OS
Rocky Linux
Ubuntu