PT-2025-51985 · Gimp+3

Source: ZDI · Published: 2025-12-17 · Updated: 2026-03-01 · CVE-2025-14424

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GIMP (affected versions not specified)
Description: A use-after-free flaw exists in GIMP's parsing of XCF files. It allows a remote attacker to execute arbitrary code on an affected system, but only with user interaction: the target must open a malicious file or visit a malicious page. The root cause is a missing check that an object still exists before operations are performed on it; an attacker can leverage this to run code in the context of the current process.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Check the distribution advisories listed under Related Identifiers for packages that apply to your systems.

Tags: RCE · Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2026:0914
CVE-2025-14424
DSA-6093-1
OESA-2026-1115
OESA-2026-1116
OESA-2026-1117
OESA-2026-1118
OPENSUSE-RU-2026:20168-1
OPENSUSE-SU-2026:10066-1
OPENSUSE-SU-2026:20100-1
RHSA-2026:0914
ZDI-25-1138

Affected Products

Debian
Gimp
Red Os
Rocky Linux