CVE-2025-48798 HIGH

CVE-2025-48798: Gimp: multiple use after free in xcf parser

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6
Weakness: CWE-416
Published: May 27, 2025
Last update: November 6, 2025

CVSS base score

7.3/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

Key dates

02 Disclosure timeline

May 27, 2025: CVE published
November 6, 2025: Record updated