{"id":"CVE-2025-10922","details":"GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27863.","modified":"2026-04-12T17:35:46.468820Z","published":"2025-10-29T20:15:34.923Z","related":["ALSA-2025:21968","ALSA-2025:22417","SUSE-SU-2025:4324-1","openSUSE-SU-2025:15602-1","openSUSE-SU-2026:20055-1"],"references":[{"type":"ADVISORY","url":"https://www.zerodayinitiative.com/advisories/ZDI-25-911/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gimp","events":[{"introduced":"0"},{"last_affected":"c1901c5be644ab8dcaf779b1f383bf5370bc90c6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.0.4"}]}},{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/gimp","events":[{"introduced":"0"},{"fixed":"3d909166463731e94dfe62042d76225ecfc4c1e4"}]}],"versions":["BASE_ZERO","BEFORE_GIMAGE_IS_FLAT_REMOVAL","BEFORE_MATTS_CRAZY_TOOL_PATCH","BEFORE_TILE_MADNESS","FOR_PANEL","GIMP_0_99_16","GIMP_0_99_17","GIMP_0_99_18","GIMP_0_99_19","GIMP_0_99_20","GIMP_0_99_21","GIMP_0_99_22","GIMP_0_99_23","GIMP_0_99_24","GIMP_0_99_25","GIMP_0_99_27","GIMP_0_99_28","GIMP_0_99_29","GIMP_19990910","GIMP_1_0_0","GIMP_1_1_0","GIMP_1_1_1","GIMP_1_1_10","GIMP_1_1_11","GIMP_1_1_12","GIMP_1_1_13","GIMP_1_1_14","GIMP_1_1_15","GIMP_1_1_16","GIMP_1_1_17","GIMP_1_1_18","GIMP_1_1_19","GIMP_1_1_2","GIMP_1_1_20","GIMP_1_1_21","GIMP_1_1_22","GIMP_1_1_23","GIMP_1_1_24","GIMP_1_1_25","GIMP_1_1_26","GIMP_1_1_27","GIMP_1_1_28","GIMP_1_1_29","GIMP_1_1_3","GIMP_1_1_30","GIMP_1_1_31","GIMP_1_1_32","GIMP_1_1_4","GIMP_1_1_5","GIMP_1_1_6","GIMP_1_1_7","GIMP_1_1_8","GIMP_1_1_9","GIMP_1_2_0","GIMP_1_3_0","GIMP_1_3_1","GIMP_1_3_10","GIMP_1_3_11","GIMP_1_3_12","GIMP_1_3_13","GIMP_1_3_14","GIMP_1_3_15","GIMP_1_3_16","GIMP_1_3_17","GIMP_1_3_18","GIMP_1_3_19","GIMP_1_3_2","GIMP_1_3_20","GIMP_1_3_21","GIMP_1_3_22","GIMP_1_3_23","GIMP_1_3_24","GIMP_1_3_25","GIMP_1_3_26","GIMP_1_3_27","GIMP_1_3_3","GIMP_1_3_4","GIMP_1_3_5","GIMP_1_3_6","GIMP_1_3_7","GIMP_1_3_8","GIMP_1_3_9","GIMP_2_0_0","GIMP_2_0_1","GIMP_2_0_RC1","GIMP_2_10_0","GIMP_2_10_0_RC1","GIMP_2_10_0_RC2","GIMP_2_10_2","GIMP_2_1_0","GIMP_2_1_1","GIMP_2_1_2","GIMP_2_1_3","GIMP_2_1_4","GIMP_2_1_5","GIMP_2_1_6","GIMP_2_1_7","GIMP_2_2_0","GIMP_2_2_1","GIMP_2_2_PRE1","GIMP_2_2_PRE2","GIMP_2_3_0","GIMP_2_3_1","GIMP_2_3_10","GIMP_2_3_11","GIMP_2_3_12","GIMP_2_3_13","GIMP_2_3_14","GIMP_2_3_16","GIMP_2_3_17","GIMP_2_3_18","GIMP_2_3_19","GIMP_2_3_2","GIMP_2_3_3","GIMP_2_3_4","GIMP_2_3_5","GIMP_2_3_6","GIMP_2_3_7","GIMP_2_3_8","GIMP_2_3_9","GIMP_2_4_0_RC1","GIMP_2_4_0_RC2","GIMP_2_4_0_RC3","GIMP_2_4_1","GIMP_2_5_0","GIMP_2_5_1","GIMP_2_5_2","GIMP_2_5_3","GIMP_2_5_4","GIMP_2_6_0","GIMP_2_6_1","GIMP_2_7_1","GIMP_2_7_2","GIMP_2_7_3","GIMP_2_7_4","GIMP_2_7_5","GIMP_2_8_0","GIMP_2_8_0_RC1","GIMP_2_99_10","GIMP_2_99_12","GIMP_2_99_14","GIMP_2_99_16","GIMP_2_99_18","GIMP_2_99_2","GIMP_2_99_4","GIMP_2_99_6","GIMP_2_99_8","GIMP_2_9_2","GIMP_2_9_6","GIMP_2_9_8","GIMP_3_0_0","GIMP_3_0_0_RC1","GIMP_3_0_0_RC2","GIMP_3_0_0_RC3","GIMP_3_0_2","GIMP_3_0_4","GIMP_BEFORE_GTK_2_0","GNOME_2_4_BRANCHPOINT","GNOME_BASE","GNOME_PRINT_0_24","LIBRSVG_2_1_1","LIBRSVG_2_1_2","LIBRSVG_2_1_3","LIBRSVG_2_1_4","LIBRSVG_2_1_5","LIBRSVG_2_2_0","NEEDS_GIMP_2_3_10","PROJECT_SUNLIGHT_ANCHOR","ROSALIA_BEFORE_COMMITTING_DL_AND_GNOME_HELLO","SCRIPT_FU_BEFORE_TINYSCHEME","SCRIPT_FU_MERGE","SNAP_19971121","TINY_FU_0_9_3","TINY_FU_0_9_4","TINY_FU_0_9_5","TINY_FU_0_9_6","TINY_FU_0_9_7","TINY_FU_0_9_8","TINY_FU_1_0_0","TINY_FU_1_0_1","TINY_FU_1_0_RC1","TINY_FU_1_1_0","gimp","release-2-2-4","release-2-2-5","release-2-3-0","release-2-4-0","soc-2012-unified-transform-after-gsoc","soc-2012-unified-transform-before-gsoc"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"plug-ins/common/file-dicom.c"},"id":"CVE-2025-10922-34f818d1","digest":{"line_hashes":["191699432660218838172483518173105094968","66835177451583406677501223521622981320","301387944169863089748289223845574649255","296608621744732189407433044475243907008","234747518414398914976976171262673959336","38229611509381138707629058793847104203","248550865799811835610407453498712276316","109276823860191993489223442504286706422","237526798631326356980883685091003490250","27781676496418504262080265366938934379","233960235051130732354130381408077494723","337199540216865024902073160846094125109","82321282922399224413232876774190843741","101635608715544121149991315883410012840","305282343580935986254961098113210642724","109012656244729656522756087889521254318","277128338312469372901139073380117236493","26071113133916850039829844566721463354","133925961393829059703926553526879794691","212248030565533790635836263442192881369","214501897681032522044955230029751951771","87799505799267307527375164948394468806","102358627868978813539053224596467937258","174654135608631750556138022720880268765","236178868167885903512538224969835558688","101835300749764096331579250389479490117","15780596542700818994264754069173640405","162268349446912723931430540246257712392","61902065051749198891405813073345077919","30964207483252741915500918407661290315","1450236873332297310150597238984081387","94631016105672284989412709055006042434","42893321600759242581391686472593643457","130953095148405667866349076889193477722","89696679882929908972466172994158002818","214112812579022298708642821348275965718","296374102386033138429472337308290445983","92992036036371925948722381017044775465","221522197842025453887229760987109892169","41439344201685394001687881808673490018","116728817457123894961454474721669892395","137680811895029742635608122314748401158","72989431548335136739467522813790586642","104535120626624361838168386629489653326","250141907277882131175058244189658779263"],"threshold":0.9},"source":"https://gitlab.gnome.org/GNOME/gimp@3d909166463731e94dfe62042d76225ecfc4c1e4"},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"file":"plug-ins/common/file-dicom.c","function":"load_image"},"id":"CVE-2025-10922-9c3cc822","digest":{"length":7122,"function_hash":"27270316685411817656700907247657143461"},"source":"https://gitlab.gnome.org/GNOME/gimp@3d909166463731e94dfe62042d76225ecfc4c1e4"}],"vanir_signatures_modified":"2026-04-12T17:35:46Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10922.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}