CVEFinder.io

CVE-2025-14424

⚠️ high
Summary

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XCF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker

Description

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of XCF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28376.

CVSS Score
7.8
High
EPSS Score
0.1
Exploit Probability
Published Date
2025-12-23
First Seen: 2026-01-05
Last Modified 2026-01-20
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-416

🔗 References 2

https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d0...
Patch
https://www.zerodayinitiative.com/advisories/ZDI-25-...
Third Party Advisory

📦 Affected Products 1

Vendor Product Status Affected Versions
gimp gimp Affected
v3.0.6

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-14422 ⚠️ high 7.8 0.1 GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t... 2025-12-23
CVE-2025-14423 ⚠️ high 7.8 0.1 GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote ... 2025-12-23
CVE-2025-14425 ⚠️ high 7.8 0.1 GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a... 2025-12-23
CVE-2025-10920 ⚠️ high 7.8 0.1 GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attacke... 2025-10-29
CVE-2025-10921 ⚠️ high 7.8 0.1 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a... 2025-10-29
CVE-2025-10922 ⚠️ high 7.8 0.1 GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a... 2025-10-29
These CVEs affect the same products