Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2025-48798
7.3 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 10 months, 2 weeks ago
Gimp: multiple use after free in xcf parser

A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.

References

Affected products

gimp
  • <3.0.0
  • *
gimp:2.8
  • *
gimp:2.8/gimp

Matching in nixpkgs

pkgs.zigimports

Automatically remove unused imports and globals from Zig files

  • nixos-unstable -
    • nixpkgs-unstable 0.1.0
    • nixos-unstable-small 0.1.0

pkgs.gimpPlugins.bimp

Batch Image Manipulation Plugin for GIMP

  • nixos-unstable 2.6
    • nixpkgs-unstable 2.6
    • nixos-unstable-small 2.6

pkgs.gimp3Plugins.gmic

GIMP plugin for the G'MIC image processing framework

  • nixos-unstable -
    • nixpkgs-unstable 3.5.0
    • nixos-unstable-small 3.5.0

Package maintainers