CVE-2025-48798

high

Description

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

References

Advisories
More

https://access.redhat.com/errata/RHSA-2025:9569

https://access.redhat.com/errata/RHSA-2025:9501

https://access.redhat.com/errata/RHSA-2025:9316

https://access.redhat.com/errata/RHSA-2025:9315

https://access.redhat.com/errata/RHSA-2025:9314

https://access.redhat.com/errata/RHSA-2025:9310

https://access.redhat.com/errata/RHSA-2025:9309

https://access.redhat.com/errata/RHSA-2025:9308

https://access.redhat.com/errata/RHSA-2025:9165

https://access.redhat.com/errata/RHSA-2025:9162

https://bugzilla.redhat.com/show_bug.cgi?id=2368557

https://access.redhat.com/security/cve/CVE-2025-48798

Details

Source: Mitre, NVD

Published: 2025-05-27

Updated: 2025-06-25

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00013