GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03075-1 advisory.

    - CVE-2025-2760: lack of proper validation of user-supplied data in DDS parser can lead to integer     overflow and remote       code execution (bsc#1241690).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows     remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required     to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The     specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation     of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can     leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.
    (CVE-2025-2760)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5939 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5939-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     June 06, 2025                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : gimp     CVE ID         : CVE-2025-2760 CVE-2025-2761 CVE-2025-48797 CVE-2025-48798

    Several vulnerabilities were discovered in GIMP, the GNU Image     Manipulation Program, which could result in denial of service or     potentially the execution of arbitrary code if malformed XCF, TGA, DDS,     FLI or ICO files are opened.

    For the stable distribution (bookworm), these problems have been fixed in     version 2.10.34-1+deb12u3.

    We recommend that you upgrade your gimp packages.

    For the detailed security status of gimp please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/gimp

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the da0a4374-3fc9-11f0-a39d-b42e991fc52e advisory.

    zdi-disclosures@trendmicro.com reports:
    GIMP XWD File Parsing Integer Overflow Remote Code Execution             Vulnerability.  This vulnerability allows remote attackers to execute             arbitrary code on affected installations of GIMP.  User interaction             is required to exploit this vulnerability in that the target must             visit a malicious page or open a malicious file.
            The specific flaw exists within the parsing of XWD files.  The issue             results from the lack of proper validation of user-supplied data,             which can result in an integer overflow before allocating a buffer.
            An attacker can leverage this vulnerability to execute code in the             context of the current process.  Was ZDI-CAN-25082.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
261519	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gimp (SUSE-SU-2025:03075-1)	Nessus	SuSE Local Security Checks	high
255739	Linux Distros Unpatched Vulnerability : CVE-2025-2760	Nessus	Misc.	high
237912	Debian dsa-5939 : gimp - security update	Nessus	Debian Local Security Checks	high
237700	FreeBSD : Gimp -- GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability (da0a4374-3fc9-11f0-a39d-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2025-2760

high

Tenable Plugins

high

high

high

high