Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7e9c3d65 by Salvatore Bonaccorso at 2025-10-10T12:23:12+02:00
Add ZDI references for recent gimp issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5392,6 +5392,7 @@ CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing
Stack-based Buffer Overflo
- gimp <unfixed> (unimportant)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-914/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14816
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2450
NOTE: Introduced after:
https://gitlab.gnome.org/GNOME/gimp/-/commit/222bef78c71ed8562a610f6863d56c0b3e2bef68
(GIMP_2_99_16)
@@ -5402,6 +5403,7 @@ CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing
Integer Overflow Remote Code
- gimp 3.0.4-6.1 (bug #1116461)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-913/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14813
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2448
NOTE: Introduced after:
https://gitlab.gnome.org/GNOME/gimp/-/commit/d1864866ee051160d06417d82b45bb22b11f0d28
(GIMP_2_99_18)
@@ -5411,6 +5413,7 @@ CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing
Integer Overflow Remote Co
- gimp 3.0.4-6.1 (bug #1116460)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-912/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14812
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2445
NOTE: Introduced after:
https://gitlab.gnome.org/GNOME/gimp/-/commit/d1fac7bfa916495943472dfb12b1dd33307c65e8
(GIMP_2_99_12)
@@ -5418,6 +5421,7 @@ CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing
Integer Overflow Remote Co
CVE-2025-10922 [ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer
Overflow Remote Code Execution Vulnerability]
{DSA-6014-1}
- gimp 3.0.4-6.1 (bug #1116459)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-911/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2444
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3
@@ -5426,6 +5430,7 @@ CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing
Out-Of-Bounds Write Remote
- gimp 3.0.4-6.1 (bug #1116458)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-909/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14818
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2443
NOTE: Introduced after:
https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8
(GIMP_2_99_14)
@@ -5433,6 +5438,7 @@ CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing
Out-Of-Bounds Write Remote
CVE-2025-10921 [GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
Execution Vulnerability]
{DSA-6018-1}
- gegl 1:0.4.62-3.1 (bug #1116470)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-910/
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/430
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gegl/-/commit/0e68b7471dabf2800d780819c19bd5e6462f565f
CVE-2025-9985 (The Featured Image from URL (FIFU) plugin for WordPress is
vulnerable ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e9c3d65c20da7adf411067fdc8186eb80d9d03a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e9c3d65c20da7adf411067fdc8186eb80d9d03a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
