摘要:
gimp security update
安全等级: High
公告ID: KylinSec-SA-2025-2677
发布日期: 2025年6月20日
The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing, and conversions, together with multilevel undo. The GIMP offers a scripting facility, but many of the included scripts rely on fonts that we cannot distribute.
Security Fix(es):
A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.(CVE-2025-48797)
A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.(CVE-2025-48798)
GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.(CVE-2025-5473)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-48798 | KY3.4-5A | gimp | Fixed |
| CVE-2025-5473 | KY3.4-5A | gimp | Fixed |
| CVE-2025-48797 | KY3.4-5A | gimp | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| gimp | x86_64 | 2.10.6-13.kb1.ky3_4 |
| gimp-devel | x86_64 | 2.10.6-13.kb1.ky3_4 |
| gimp-help | x86_64 | 2.10.6-13.kb1.ky3_4 |
| gimp-libs | x86_64 | 2.10.6-13.kb1.ky3_4 |
| gimp | aarch64 | 2.10.6-13.kb1.ky3_4 |
| gimp-devel | aarch64 | 2.10.6-13.kb1.ky3_4 |
| gimp-help | aarch64 | 2.10.6-13.kb1.ky3_4 |
| gimp-libs | aarch64 | 2.10.6-13.kb1.ky3_4 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
