CVE-2025-15059

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GIMP (affected versions not specified)

Description A heap-based buffer overflow exists in GIMP's processing of PSP files. This issue can allow a remote attacker to execute arbitrary code on a vulnerable system. User interaction is required, as the target must open a malicious PSP file or visit a malicious page hosting such a file. The flaw is due to insufficient validation of the length of user-supplied data before copying it into a heap-based buffer. An attacker can exploit this to execute code within the context of the current process. A heap overflow condition is a type of buffer overflow where the overwritten buffer is allocated in the heap memory, typically using a function like malloc(). This can impact the confidentiality, integrity, and availability of the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALSA-2026:2707

BDU:2026-07243

CVE-2025-15059

OESA-2026-1001

OESA-2026-1002

OESA-2026-1003

OESA-2026-1004

OPENSUSE-RU-2026:20168-1

OPENSUSE-SU-2026:10018-1

RHSA-2026:2707

RHSA-2026:2930

RHSA-2026:2950

RHSA-2026:2953

RHSA-2026:2969

SUSE-SU-2026:0083-1

USN-8057-1

ZDI-25-1196

Affected Products

Gimp

Linuxmint

Red Os

Rocky Linux

Ubuntu

CVE-2025-15059

Weakness Enumeration

Related Identifiers

Affected Products

References · 54