CVE Details
Basic Information
| Title | Gimp: gimp integer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-13T15:21:17.439Z |
| Last Seen |
Product Information
| Vendor | Red Hat |
|---|---|
| Product | Red Hat Enterprise Linux 6 |
| Version |
CVSS Information
| Base Score | 6.6 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | An integer overflow vulnerability in GIMP’s “Despeckle” plug-in can lead to heap corruption, denial of service, or arbitrary code execution due to unchecked multiplication of image dimensions. |
|---|---|
| AI Severity | Medium |
| Vendor | GIMP |
| Product | GIMP |
| Affected Version |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-787 |
| Bulletin Family |
References
Description
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP “Despeckle” plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.