{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10923", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2025-09-24T15:54:03.542Z", "datePublished": "2025-10-29T19:29:46.493Z", "dateUpdated": "2025-10-31T03:55:14.539Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-10-29T19:29:46.493Z"}, "title": "GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of WBMP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27878."}], "affected": [{"vendor": "GIMP", "product": "GIMP", "versions": [{"version": "3.0.4", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-912/", "name": "ZDI-25-912", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/2d2d39f3da1d0b01ca7d71ad2b7a8725ee92ed96", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2025-09-24T15:54:03.618Z", "datePublic": "2025-09-24T18:19:31.683Z", "source": {"lang": "en", "value": "Anonymous"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-30T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-10923"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-31T03:55:14.539Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10923", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-30T15:33:38.240648Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T15:33:41.834Z"}}], "cna": {"title": "GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "Anonymous"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "GIMP", "product": "GIMP", "versions": [{"status": "affected", "version": "3.0.4"}], "defaultStatus": "unknown"}], "datePublic": "2025-09-24T18:19:31.683Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-912/", "name": "ZDI-25-912", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/2d2d39f3da1d0b01ca7d71ad2b7a8725ee92ed96", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2025-09-24T15:54:03.618Z", "descriptions": [{"lang": "en", "value": "GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of WBMP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27878."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-10-29T19:29:46.493Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10923", "state": "PUBLISHED", "dateUpdated": "2025-10-31T03:55:14.539Z", "dateReserved": "2025-09-24T15:54:03.542Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2025-10-29T19:29:46.493Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gimp:gimp:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "103D75C8-35B7-4E50-B75C-2D75294CB7AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of WBMP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27878."}], "id": "CVE-2025-10923", "lastModified": "2025-11-04T13:14:27.657", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2025-10-29T20:15:35.050", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Patch"], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/2d2d39f3da1d0b01ca7d71ad2b7a8725ee92ed96"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-912/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{"bugzilla": {"description": "gimp: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability", "id": "2407192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407192"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A remote code execution vulnerability exists in GIMP due to improper validation of user-supplied data during the parsing of WBMP (Wireless Bitmap) files. The flaw occurs because an integer overflow can happen before memory allocation, leading to a heap-based buffer overflow. An attacker can exploit this by convincing a user to open a crafted WBMP image file or visit a malicious page, allowing arbitrary code execution within the context of the application process."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-10923", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gimp:2.8/gimp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-29T19:29:46Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-10923\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-10923\nhttps://gitlab.gnome.org/GNOME/gimp/-/commit/2d2d39f3da1d0b01ca7d71ad2b7a8725ee92ed96\nhttps://www.zerodayinitiative.com/advisories/ZDI-25-912/"], "statement": "While this flaw can lead to arbitrary code execution, it is categorized as Important rather than Critical due to its attack prerequisites. Exploitation requires user interaction \u2014 the victim must manually open a malicious WBMP image file in GIMP. Additionally, the vulnerability has a local attack vector (AV:L) and cannot be exploited remotely over a network without user participation. These constraints limit the automatic propagation or large-scale exploitation potential typically seen in critical vulnerabilities, even though the impact on confidentiality, integrity, and availability is high once triggered.", "threat_severity": "Important"}