CVE-2025-6035
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk33th percentile - higher than 33% of all known CVEs
Summary
In GIMP, the "Despeckle" plug-in has an integer overflow vulnerability. Unchecked multiplication of image dimensions (width, height, bytes-per-pixel) can cause insufficient memory allocation and out-of-bounds writes.
Risk Assessment
The flaw may allow an attacker to corrupt heap memory, potentially leading to denial of service (DoS) or arbitrary code execution on the user's workstation.
Recommendation
Update GIMP to the latest version containing the fix for CVE-2025-6035 immediately. Until updated, avoid opening untrusted image files.
Original NVD description (English source)
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.

