Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
82398f77 by Salvatore Bonaccorso at 2025-12-25T07:12:27+01:00
Update status for CVE-2025-14423/gimp
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1874,13 +1874,14 @@ CVE-2025-14424 (GIMP XCF File Parsing Use-After-Free
Remote Code Execution Vulne
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15288
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd
(GIMP_3_2_0_RC1)
CVE-2025-14423 (GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code
Executio ...)
- - gimp 3.2.0~RC2-1
+ - gimp 3.2.0~RC2-1 (unimportant)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1137/
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15292
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/481cdbbb97746be1145ec3a633c567a68633c521
(GIMP_3_2_0_RC2)
NOTE: Introduced in:
https://gitlab.gnome.org/GNOME/gimp/-/commit/222bef78c71ed8562a610f6863d56c0b3e2bef68
(GIMP_2_99_16)
+ NOTE: Building of optional Plug-In for Amiga IFF/ILBM not enabled.
CVE-2025-14422 (GIMP PNM File Parsing Integer Overflow Remote Code Execution
Vulnerabi ...)
- gimp 3.2.0~RC2-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-1136/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82398f77091522fc874119dbc9068ae0b0f978cc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82398f77091522fc874119dbc9068ae0b0f978cc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
