{"id":"CVE-2025-14423","details":"GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of LBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28311.","modified":"2026-04-11T01:19:59.266109Z","published":"2025-12-23T22:15:49.420Z","related":["ALSA-2026:0914","openSUSE-RU-2026:20168-1","openSUSE-SU-2026:10066-1","openSUSE-SU-2026:20100-1"],"references":[{"type":"ADVISORY","url":"https://www.zerodayinitiative.com/advisories/ZDI-25-1137/"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/gimp/-/commit/481cdbbb97746be1145ec3a633c567a68633c521"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gimp","events":[{"introduced":"0"},{"last_affected":"a77e8fd05d3d08a58650531a3700100f6a3216b7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.0.6"}]}},{"type":"GIT","repo":"https://gitlab.gnome.org/GNOME/gimp","events":[{"introduced":"0"},{"fixed":"481cdbbb97746be1145ec3a633c567a68633c521"}]}],"versions":["BASE_ZERO","BEFORE_GIMAGE_IS_FLAT_REMOVAL","BEFORE_MATTS_CRAZY_TOOL_PATCH","BEFORE_TILE_MADNESS","FOR_PANEL","GIMP_0_99_16","GIMP_0_99_17","GIMP_0_99_18","GIMP_0_99_19","GIMP_0_99_20","GIMP_0_99_21","GIMP_0_99_22","GIMP_0_99_23","GIMP_0_99_24","GIMP_0_99_25","GIMP_0_99_27","GIMP_0_99_28","GIMP_0_99_29","GIMP_19990910","GIMP_1_0_0","GIMP_1_1_0","GIMP_1_1_1","GIMP_1_1_10","GIMP_1_1_11","GIMP_1_1_12","GIMP_1_1_13","GIMP_1_1_14","GIMP_1_1_15","GIMP_1_1_16","GIMP_1_1_17","GIMP_1_1_18","GIMP_1_1_19","GIMP_1_1_2","GIMP_1_1_20","GIMP_1_1_21","GIMP_1_1_22","GIMP_1_1_23","GIMP_1_1_24","GIMP_1_1_25","GIMP_1_1_26","GIMP_1_1_27","GIMP_1_1_28","GIMP_1_1_29","GIMP_1_1_3","GIMP_1_1_30","GIMP_1_1_31","GIMP_1_1_32","GIMP_1_1_4","GIMP_1_1_5","GIMP_1_1_6","GIMP_1_1_7","GIMP_1_1_8","GIMP_1_1_9","GIMP_1_2_0","GIMP_1_3_0","GIMP_1_3_1","GIMP_1_3_10","GIMP_1_3_11","GIMP_1_3_12","GIMP_1_3_13","GIMP_1_3_14","GIMP_1_3_15","GIMP_1_3_16","GIMP_1_3_17","GIMP_1_3_18","GIMP_1_3_19","GIMP_1_3_2","GIMP_1_3_20","GIMP_1_3_21","GIMP_1_3_22","GIMP_1_3_23","GIMP_1_3_24","GIMP_1_3_25","GIMP_1_3_26","GIMP_1_3_27","GIMP_1_3_3","GIMP_1_3_4","GIMP_1_3_5","GIMP_1_3_6","GIMP_1_3_7","GIMP_1_3_8","GIMP_1_3_9","GIMP_2_0_0","GIMP_2_0_1","GIMP_2_0_RC1","GIMP_2_10_0","GIMP_2_10_0_RC1","GIMP_2_10_0_RC2","GIMP_2_10_2","GIMP_2_1_0","GIMP_2_1_1","GIMP_2_1_2","GIMP_2_1_3","GIMP_2_1_4","GIMP_2_1_5","GIMP_2_1_6","GIMP_2_1_7","GIMP_2_2_0","GIMP_2_2_1","GIMP_2_2_PRE1","GIMP_2_2_PRE2","GIMP_2_3_0","GIMP_2_3_1","GIMP_2_3_10","GIMP_2_3_11","GIMP_2_3_12","GIMP_2_3_13","GIMP_2_3_14","GIMP_2_3_16","GIMP_2_3_17","GIMP_2_3_18","GIMP_2_3_19","GIMP_2_3_2","GIMP_2_3_3","GIMP_2_3_4","GIMP_2_3_5","GIMP_2_3_6","GIMP_2_3_7","GIMP_2_3_8","GIMP_2_3_9","GIMP_2_4_0_RC1","GIMP_2_4_0_RC2","GIMP_2_4_0_RC3","GIMP_2_4_1","GIMP_2_5_0","GIMP_2_5_1","GIMP_2_5_2","GIMP_2_5_3","GIMP_2_5_4","GIMP_2_6_0","GIMP_2_6_1","GIMP_2_7_1","GIMP_2_7_2","GIMP_2_7_3","GIMP_2_7_4","GIMP_2_7_5","GIMP_2_8_0","GIMP_2_8_0_RC1","GIMP_2_99_10","GIMP_2_99_12","GIMP_2_99_14","GIMP_2_99_16","GIMP_2_99_18","GIMP_2_99_2","GIMP_2_99_4","GIMP_2_99_6","GIMP_2_99_8","GIMP_2_9_2","GIMP_2_9_6","GIMP_2_9_8","GIMP_3_0_0","GIMP_3_0_0_RC1","GIMP_3_0_0_RC2","GIMP_3_0_0_RC3","GIMP_3_0_2","GIMP_3_0_4","GIMP_3_0_6","GIMP_3_1_2","GIMP_3_1_4","GIMP_3_2_0_RC1","GIMP_BEFORE_GTK_2_0","GNOME_2_4_BRANCHPOINT","GNOME_BASE","GNOME_PRINT_0_24","LIBRSVG_2_1_1","LIBRSVG_2_1_2","LIBRSVG_2_1_3","LIBRSVG_2_1_4","LIBRSVG_2_1_5","LIBRSVG_2_2_0","NEEDS_GIMP_2_3_10","PROJECT_SUNLIGHT_ANCHOR","ROSALIA_BEFORE_COMMITTING_DL_AND_GNOME_HELLO","SCRIPT_FU_BEFORE_TINYSCHEME","SCRIPT_FU_MERGE","SNAP_19971121","TINY_FU_0_9_3","TINY_FU_0_9_4","TINY_FU_0_9_5","TINY_FU_0_9_6","TINY_FU_0_9_7","TINY_FU_0_9_8","TINY_FU_1_0_0","TINY_FU_1_0_1","TINY_FU_1_0_RC1","TINY_FU_1_1_0","gimp","release-2-2-4","release-2-2-5","release-2-3-0","release-2-4-0","soc-2012-unified-transform-after-gsoc","soc-2012-unified-transform-before-gsoc"],"database_specific":{"vanir_signatures":[{"target":{"function":"deleave_ham_row","file":"plug-ins/common/file-iff.c"},"signature_version":"v1","signature_type":"Function","digest":{"length":1098,"function_hash":"87854120580509801534126877442328126963"},"source":"https://gitlab.gnome.org/GNOME/gimp@481cdbbb97746be1145ec3a633c567a68633c521","deprecated":false,"id":"CVE-2025-14423-42689c75"},{"target":{"function":"load_image","file":"plug-ins/common/file-iff.c"},"signature_version":"v1","signature_type":"Function","digest":{"length":3730,"function_hash":"94216370597032196166179298462067865036"},"source":"https://gitlab.gnome.org/GNOME/gimp@481cdbbb97746be1145ec3a633c567a68633c521","deprecated":false,"id":"CVE-2025-14423-7f082fae"},{"target":{"file":"plug-ins/common/file-iff.c"},"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["31369249123231163131601087814746943376","100177824552797478833021596102032241437","305599210608883843984490228513833207046","258551051614192103544448841979368377048","119995076743133610843771093168627101484","189517918220521786444514832673967244946","183549934542285966338835240999492216956","168820688426226570990516727475257170852","323115743602753847299870721742348750989","237665288981942108265812108980632765208","141968689471721290986980182745419237280","288332904042796036239681155288939590040","146433502983853251998445101112824523579","237957542606087741333074974607347419896","198911864043195231970354108333764288624","81115870795146825867816247049947196641","108441674450325827230684234308020740305","246684539805256593322564412374099455304","48218048076259676347549989051510077951","323591561833634901369684351256129918168","323354085944324957886257203371962190547","40837310340737454698836688014697580389","241669741545785306054773755557042946815","255915509702069245509276517832428944313","269581020834215285986871186968020831430","40348892036319309650196283564741540623","335994942865110190218009320468538184419","235210604625986953346083061576669363342","109612290272372032662353965353977175831","321526240777143377363337747536373995756"],"threshold":0.9},"source":"https://gitlab.gnome.org/GNOME/gimp@481cdbbb97746be1145ec3a633c567a68633c521","deprecated":false,"id":"CVE-2025-14423-87d39389"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-14423.json","vanir_signatures_modified":"2026-04-11T01:19:59Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}