CVE-2025-10921

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-10921
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10921.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-10921
Downstream
Related
Published
2025-10-29T20:15:34.797Z
Modified
2025-11-23T18:14:40.709391Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27803.

References

Affected packages

Git / github.com/gnome/gimp

Affected ranges

Type
GIT
Repo
https://github.com/gnome/gimp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected

Git / gitlab.gnome.org/GNOME/gegl

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/GNOME/gegl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0e68b7471dabf2800d780819c19bd5e6462f565f

Affected versions

Other

GEGL_0_0_14
GEGL_0_0_16
GEGL_0_0_4
GEGL_0_1_0_REAL
GEGL_0_1_2
GEGL_0_1_4
GEGL_0_1_6
GEGL_0_1_8
GEGL_0_2_0
GEGL_0_3_0
GEGL_0_3_10
GEGL_0_3_12
GEGL_0_3_14
GEGL_0_3_16
GEGL_0_3_18
GEGL_0_3_2
GEGL_0_3_20
GEGL_0_3_22
GEGL_0_3_24
GEGL_0_3_26
GEGL_0_3_28
GEGL_0_3_30
GEGL_0_3_34
GEGL_0_3_4
GEGL_0_3_6
GEGL_0_3_8
GEGL_0_4_0
GEGL_0_4_10
GEGL_0_4_12
GEGL_0_4_14
GEGL_0_4_16
GEGL_0_4_18
GEGL_0_4_2
GEGL_0_4_20
GEGL_0_4_24
GEGL_0_4_26
GEGL_0_4_28
GEGL_0_4_30
GEGL_0_4_32
GEGL_0_4_34
GEGL_0_4_36
GEGL_0_4_38
GEGL_0_4_4
GEGL_0_4_40
GEGL_0_4_42
GEGL_0_4_44
GEGL_0_4_46
GEGL_0_4_48
GEGL_0_4_50
GEGL_0_4_52
GEGL_0_4_54
GEGL_0_4_56
GEGL_0_4_58
GEGL_0_4_6
GEGL_0_4_62
GEGL_0_4_8
GEGL_20001120_v002
GEGL_BEFORE_CLEANUP
GNOME_PRINT_0_24

Database specific

vanir_signatures

[
    {
        "target": {
            "function": "rgbe_read_new_rle",
            "file": "libs/rgbe/rgbe.c"
        },
        "digest": {
            "length": 1410.0,
            "function_hash": "118222360057214751882455647495112599783"
        },
        "signature_version": "v1",
        "source": "https://gitlab.gnome.org/GNOME/gegl@0e68b7471dabf2800d780819c19bd5e6462f565f",
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-10921-27da2c0a"
    },
    {
        "target": {
            "file": "libs/rgbe/rgbe.c"
        },
        "digest": {
            "line_hashes": [
                "54835608413568126834762623349742078576",
                "293419435416655494439702637090078336087",
                "169141763028370893169344340649784948529",
                "208014914156617169462439134858624981858",
                "55686891228186935652922761025481543024",
                "337492170829559687262252680077893780164",
                "121039053226537223393195958477402791328",
                "203051751018206193003619970005748036100"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://gitlab.gnome.org/GNOME/gegl@0e68b7471dabf2800d780819c19bd5e6462f565f",
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2025-10921-9a77b5e1"
    }
]