{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10934", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2025-09-24T20:52:16.567Z", "datePublished": "2025-10-29T19:58:55.670Z", "dateUpdated": "2026-01-07T17:09:49.672Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-10-29T19:58:55.670Z"}, "title": "GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823."}], "affected": [{"vendor": "GIMP", "product": "GIMP", "versions": [{"version": "3.0.4", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/", "name": "ZDI-25-978", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2025-09-24T20:52:16.622Z", "datePublic": "2025-10-29T19:58:46.674Z", "source": {"lang": "en", "value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-30T03:56:07.236708Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T17:09:49.672Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00005.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T00:12:05.168Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00005.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T00:12:05.168Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-30T03:56:07.236708Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T17:05:24.526Z"}}], "cna": {"title": "GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "GIMP", "product": "GIMP", "versions": [{"status": "affected", "version": "3.0.4"}], "defaultStatus": "unknown"}], "datePublic": "2025-10-29T19:58:46.674Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/", "name": "ZDI-25-978", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2025-09-24T20:52:16.622Z", "descriptions": [{"lang": "en", "value": "GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-10-29T19:58:55.670Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10934", "state": "PUBLISHED", "dateUpdated": "2026-01-07T17:09:49.672Z", "dateReserved": "2025-09-24T20:52:16.567Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2025-10-29T19:58:55.670Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gimp:gimp:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "103D75C8-35B7-4E50-B75C-2D75294CB7AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27823."}], "id": "CVE-2025-10934", "lastModified": "2025-11-04T13:12:43.120", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2025-10-29T20:15:35.423", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Patch"], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00005.html"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}

{"bugzilla": {"description": "gimp: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "id": "2407233", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407233"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["A heap-based buffer overflow in GIMP\u2019s X Window Dump (XWD) file parser allows an attacker to craft a malicious XWD file (or a web page that triggers opening one) that can overflow a heap buffer during parsing and lead to remote code execution in the context of the GIMP process. The flaw is tracked as CVE-2025-10934 and was disclosed by Trend Micro\u2019s Zero Day Initiative on 29 Oct 2025; GIMP has published a fix."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-10934", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gimp:2.8/gimp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-29T19:58:55Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-10934\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-10934\nhttps://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c\nhttps://www.zerodayinitiative.com/advisories/ZDI-25-978/"], "statement": "Heap-based buffer overflows that occur during image-file parsing are high-risk because image libraries and editors routinely parse attacker-controlled files from email, the web, or shared drives; a successful overflow can corrupt heap metadata or function pointers and result in arbitrary code execution with the privileges of the GIMP process. Unlike a local information leak or read-only bug, this vulnerability enables control-flow hijacking (overwrite of heap-managed data or code pointers) when a user opens or previews a crafted XWD file \u2014 so an attacker only needs to get the victim to open a file or visit a page that causes the file to be loaded. The exploitability is increased when parsers perform large allocations based on unchecked length fields (the advisory describes missing validation of user-supplied lengths prior to copying into a heap buffer), which is a classic recipe for exploitable heap corruption. Because GIMP runs with the user\u2019s privileges and is commonly installed on desktops, this makes the bug Important rather than merely Moderate.", "threat_severity": "Important"}

{"created": "2025-10-30T14:37:41.637403+00:00", "updated": "2025-10-30T14:37:41.637426+00:00", "vendors": ["gimp", "gimp$PRODUCT$gimp"]}