CVE Catalog

CVE-2025-6035

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile - higher than 33% of all known CVEs

Summary

In GIMP, the "Despeckle" plug-in has an integer overflow vulnerability. Unchecked multiplication of image dimensions (width, height, bytes-per-pixel) can cause insufficient memory allocation and out-of-bounds writes.

Risk Assessment

The flaw may allow an attacker to corrupt heap memory, potentially leading to denial of service (DoS) or arbitrary code execution on the user's workstation.

Recommendation

Update GIMP to the latest version containing the fix for CVE-2025-6035 immediately. Until updated, avoid opening untrusted image files.

Original NVD description (English source)

A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS