{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10924", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2025-09-24T15:54:14.070Z", "datePublished": "2025-10-29T19:29:50.398Z", "dateUpdated": "2025-10-30T17:38:13.340Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-10-29T19:29:50.398Z"}, "title": "GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FF files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27836."}], "affected": [{"vendor": "GIMP", "product": "GIMP", "versions": [{"version": "3.0.4", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-913/", "name": "ZDI-25-913", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2025-09-24T15:54:14.120Z", "datePublic": "2025-09-24T18:19:41.379Z", "source": {"lang": "en", "value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-30T17:38:02.568056Z", "id": "CVE-2025-10924", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T17:38:13.340Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10924", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-30T17:38:02.568056Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T17:38:09.458Z"}}], "cna": {"title": "GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "GIMP", "product": "GIMP", "versions": [{"status": "affected", "version": "3.0.4"}], "defaultStatus": "unknown"}], "datePublic": "2025-09-24T18:19:41.379Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-913/", "name": "ZDI-25-913", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2025-09-24T15:54:14.120Z", "descriptions": [{"lang": "en", "value": "GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FF files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27836."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-10-29T19:29:50.398Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10924", "state": "PUBLISHED", "dateUpdated": "2025-10-30T17:38:13.340Z", "dateReserved": "2025-09-24T15:54:14.070Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2025-10-29T19:29:50.398Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of FF files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27836."}], "id": "CVE-2025-10924", "lastModified": "2025-10-30T15:03:13.440", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2025-10-29T20:15:35.180", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448"}, {"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-913/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{"bugzilla": {"description": "gimp: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability", "id": "2407200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407200"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A remote code execution (RCE) vulnerability exists in GIMP\u2019s FF file parsing functionality. The flaw stems from improper validation of user-supplied data, leading to an integer overflow before buffer allocation. When a user opens a malicious FF image file, the overflow can cause incorrect memory allocation, allowing arbitrary code execution within the context of the GIMP process. Successful exploitation requires user interaction, such as opening a crafted file, making it a local attack vector with remote delivery potential."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-10924", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gimp:2.8/gimp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-29T19:29:50Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-10924\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-10924\nhttps://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448\nhttps://www.zerodayinitiative.com/advisories/ZDI-25-913/"], "statement": "While the flaw enables arbitrary code execution, it\u2019s rated Important instead of Critical because user interaction is mandatory, and the attack surface is limited to file parsing within GIMP. The vulnerability cannot be exploited without convincing a user to open a specially crafted FF file, and it doesn\u2019t allow network-based exploitation without local execution. Furthermore, GIMP typically operates within user space with non-privileged permissions, reducing the potential for full system compromise. Therefore, despite the high impact on confidentiality, integrity, and availability, the exploitability conditions lower its overall severity.", "threat_severity": "Important"}