CVE-2025-6035

MEDIUM EPSS 32.7%
Published Jun 13, 20251y ago · Modified Jun 17, 20261w ago
6.1 CVSS 3.1
Medium
Find Similar
Published Jun 13, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.

CVSS Details

Base Score
6.1
Exploitability
1.3
Impact
4.7
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Low
Availability High

Threat Intelligence

EPSS Exploit Probability
32.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 5

VendorProductVersionRange
gimpgimp2.8.0any
redhatenterprise_linux6.0any
redhatenterprise_linux7.0any
redhatenterprise_linux8.0any
redhatenterprise_linux9.0any

References 4

  • access.redhat.com https://access.redhat.com/security/cve/CVE-2025-6035
    Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2372515
    Issue TrackingThird Party Advisory
  • gitlab.gnome.org https://gitlab.gnome.org/GNOME/gimp/-/issues/13518
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.