Name of the Vulnerable Software and Affected Versions:

Windows GDI+ (affected versions not specified)

Description:

A heap-based buffer overflow exists in Windows GDI+. This allows an unauthorized attacker to execute code over a network. The vulnerability enables remote attackers to execute arbitrary code and affect the system. More than 100 vulnerabilities were addressed in Microsoft’s August 2025 Patch Tuesday updates, including this critical remote code execution bug. No exploits in the wild have been reported, but the vulnerability is publicly disclosed.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.