The vulnerabilities, identified as CVE-2025-2760 and CVE-2025-2761, both carry high CVSS scores of 7.8 and affect users who open malicious image files or visit compromised websites.
Both flaws have been addressed in GIMP version 3.0.0, released in March 2025.
Security researcher Michael Randrianantenaina identified two distinct but equally dangerous vulnerabilities in GIMP’s file parsing mechanisms.
The first vulnerability, tracked as CVE-2025-2760 and designated ZDI-25-203, affects the software’s handling of XWD (X Window Dump) image files.
This flaw stems from improper validation of user-supplied data during file parsing, which can trigger an integer overflow condition before buffer allocation occurs.
The second vulnerability, CVE-2025-2761 (ZDI-25-204), targets GIMP’s FLI file format parser.
This vulnerability results from insufficient bounds checking during file processing, leading to out-of-bounds write operations that extend beyond allocated memory buffers.
Both vulnerabilities require user interaction to be successfully exploited, as victims must either visit a malicious webpage or open a specially crafted file.
The XWD file parsing vulnerability exploits weaknesses in GIMP’s input validation routines.
When processing malformed XWD files, the application fails to properly verify data sizes before performing memory allocation calculations.
This oversight allows attackers to trigger integer overflow conditions, potentially leading to undersized buffer allocations and subsequent memory corruption.
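The allocation-size problem described above, as an added example that is not GIMP's code or its patch: the structure, field names, function names and the 256 MiB cap are hypothetical, and the header values are constructed to make the 32-bit product wrap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header fields of a dumped image; not GIMP's structures. */
struct img_hdr {
    uint32_t bytes_per_line;
    uint32_t height;
};

/* Assumed policy limit on decoded image size. */
#define MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* Unchecked pattern: the product is computed in 32 bits and wraps
 * modulo 2^32, so a huge image can yield a small allocation size. */
uint32_t unchecked_size(const struct img_hdr *h)
{
    return h->bytes_per_line * h->height;
}

/* Checked pattern: widen before multiplying, then reject empty images,
 * sizes over the cap, and sizes larger than the data left in the file. */
bool checked_size(const struct img_hdr *h, size_t file_remaining, size_t *out)
{
    if (h->bytes_per_line == 0 || h->height == 0)
        return false;
    uint64_t total = (uint64_t)h->bytes_per_line * h->height;
    if (total > MAX_IMAGE_BYTES || total > file_remaining)
        return false;
    *out = (size_t)total;
    return true;
}

int main(void)
{
    /* Constructed header: 65536 * 65537 does not fit in 32 bits. */
    struct img_hdr bad = { 0x10000u, 0x10001u };
    size_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(&bad));
    printf("checked accepts: %s\n",
           checked_size(&bad, SIZE_MAX, &n) ? "yes" : "no");
    return 0;
}
```

The unchecked function reports 65536 bytes for an image whose rows would need over 4 GiB, which is the undersized-allocation condition; the checked function rejects the same header before any buffer is allocated.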
The FLI file vulnerability operates through a different mechanism but achieves similar results.
During FLI file processing, GIMP inadequately validates data boundaries, permitting write operations beyond allocated buffer limits.
This out-of-bounds write capability provides attackers with a pathway to corrupt adjacent memory regions and potentially hijack program execution flow.
Both attack vectors enable remote code execution within the context of the current user process.
Successful exploitation grants attackers the same privileges as the user running GIMP, potentially allowing them to access sensitive files, install malware, or establish persistent system access.
The vulnerabilities are particularly concerning given GIMP’s widespread adoption among creative professionals and casual users alike.
GIMP developers responded promptly to the vulnerability disclosures, implementing comprehensive fixes in version 3.0.0, released on March 16, 2025.
The patches address both file parsing vulnerabilities through enhanced input validation and improved bounds checking mechanisms.
The disclosure timeline reveals responsible vulnerability reporting practices. The XWD vulnerability was initially reported to GIMP developers on January 22, 2025, while the FLI vulnerability was disclosed on March 9, 2025.
Both advisories were publicly released on April 7, 2025, following coordinated disclosure protocols.
Users are strongly advised to update their GIMP installations to version 3.0.0 or later immediately.
Organizations should prioritize this update, particularly in environments where users regularly handle image files from untrusted sources.
Additionally, users should exercise caution when opening image files from unknown origins and avoid visiting suspicious websites that might host malicious content designed to exploit these vulnerabilities.
The post GIMP Image Editor Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.