1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1107758: gimp: CVE-2025-2760

    From Salvatore Bonaccorso@21:1/5 to All on Fri Jun 13 21:30:02 2025
    Source: gimp
    Version: 3.0.4-2
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790
    X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
    Control: found -1 2.10.34-1+deb12u2
    Control: found -1 2.10.34-1+deb12u3
    Control: found -1 2.10.34-1
    Control: found -1 3.0.2-3.1

    Hi,

    The following vulnerability was published for gimp.

    CVE-2025-2760[0]:
    | GIMP XWD File Parsing Integer Overflow Remote Code Execution
    | Vulnerability. This vulnerability allows remote attackers to execute
    | arbitrary code on affected installations of GIMP. User interaction
    | is required to exploit this vulnerability in that the target must
    | visit a malicious page or open a malicious file. The specific flaw
    | exists within the parsing of XWD files. The issue results from the
    | lack of proper validation of user-supplied data, which can result in
    | an integer overflow before allocating a buffer. An attacker can
    | leverage this vulnerability to execute code in the context of the
    | current process. Was ZDI-CAN-25082.

    Please note that the original fix was incomplete, cf. [2].


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-2760
    https://www.cve.org/CVERecord?id=CVE-2025-2760
    [1] https://gitlab.gnome.org/GNOME/gimp/-/issues/12790
    [2] https://gitlab.gnome.org/GNOME/gimp/-/issues/12790#note_2468776
    [3] https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2323
    [4] https://www.zerodayinitiative.com/advisories/ZDI-25-203/

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Fri Jun 13 21:30:02 2025
    Processing control commands:

    found -1 2.10.34-1+deb12u2
    Bug #1107758 [src:gimp] gimp: CVE-2025-2760
    Marked as found in versions gimp/2.10.34-1+deb12u2.
    found -1 2.10.34-1+deb12u3
    Bug #1107758 [src:gimp] gimp: CVE-2025-2760
    Marked as found in versions gimp/2.10.34-1+deb12u3.
    found -1 2.10.34-1
    Bug #1107758 [src:gimp] gimp: CVE-2025-2760
    Marked as found in versions gimp/2.10.34-1.
    found -1 3.0.2-3.1
    Bug #1107758 [src:gimp] gimp: CVE-2025-2760
    Marked as found in versions gimp/3.0.2-3.1.

    --
    1107758: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758
    Debian Bug Tracking System
    Contact [email protected] with problems

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Bastian Germann@21:1/5 to All on Wed Jul 2 16:20:01 2025
    https://gitlab.gnome.org/GNOME/gimp/-/commit/c17b324910204a47828d6fbb542bdcefbd66bcc1
    applies cleanly on 3.0.4. Please consider importing it as a quilt patch.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Wed Jul 2 17:00:01 2025
    Processing control commands:

    tag -1 pending
    Bug #1107758 [src:gimp] gimp: CVE-2025-2760
    Added tag(s) pending.

    --
    1107758: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758
    Debian Bug Tracking System
    Contact [email protected] with problems

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?B?SmVyZW15IELDrWNoYQ==?=@21:1/5 to All on Wed Jul 2 17:00:02 2025
    Control: tag -1 pending

    Hello,

    Bug #1107758 in gimp reported by you has been fixed in the
    Git repository and is awaiting an upload. You can see the commit
    message below and you can check the diff of the fix at:

    https://salsa.debian.org/gnome-team/gimp/-/commit/4d41923b3e255dbd50c2bef3de16a4bd7f65b82a

    ------------------------------------------------------------------------ plug-ins: ZDI-CAN-26752 mitigation for 32-bit

    Closes: #1107758 ------------------------------------------------------------------------

    (this message was generated automatically)
    --
    Greetings

    https://bugs.debian.org/1107758

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Wed Jul 2 17:30:01 2025
    This is a multi-part message in MIME format...

    Your message dated Wed, 02 Jul 2025 15:19:41 +0000
    with message-id <[email protected]>
    and subject line Bug#1107758: fixed in gimp 3.0.4-3
    has caused the Debian Bug report #1107758,
    regarding gimp: CVE-2025-2760
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1107758: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758
    Debian Bug Tracking System
    Contact [email protected] with problems

    Received: (at submit) by bugs.debian.org; 13 Jun 2025 19:19:27 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
    (2024-03-25) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-8.5 required=4.0 tests=BAYES_00,FOURLA,FROMDEVELOPER,
    KHOP_HELO_FCRDNS,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,
    RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED,
    RDNS_DYNAMIC,SPF_HELO_NONE,SPF_NONE,XMAILER_REPORTBUG autolearn=ham
    autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 24; hammy, 150; neutral, 82; spammy,
    0. spammytokens: hammytokens:0.000-+--H*F:U*carnil,
    0.000-+--XDebbugsCc, 0.000-+--X-Debbugs-Cc, 0.000-+--H*r:eldamar.lan,
    0.000-+--merge_requests
    Return-path: <[email protected]>
    Received: from c-82-192-244-13.customer.ggaweb.ch ([82.192.244.13]:35248 helo=eldamar.