{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"gimp security update", "category":"general", "title":"Synopsis" }, { "text":"An update for gimp is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing, and conversions, together with multilevel undo. The GIMP offers a scripting facility, but many of the included scripts rely on fonts that we cannot distribute.\n\nSecurity Fix(es):\n\nA vulnerability was found in GIMP (Image Processing Software) that has been declared as critical. The CWE definition for the vulnerability is CWE-787 (Out-of-bounds Write). The product writes data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-10920)\n\nA critical vulnerability was found in GIMP (Image Processing Software) involving CWE-122 heap-based buffer overflow. Attackers can trigger buffer overflow in heap memory through specially crafted DCM files, impacting confidentiality, integrity, and availability.(CVE-2025-10922)\n\nA critical vulnerability was found in GIMP (Image Processing Software). The vulnerability involves CWE-190 integer overflow issue, where the product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. Impact includes confidentiality, integrity, and availability.(CVE-2025-10923)\n\nA vulnerability was found in GIMP (Image Processing Software) (unknown version). It has been classified as critical. CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. This is going to have an impact on confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2025-10924)\n\nA critical vulnerability was found in GIMP (Image Processing Software) (affected version not known). The issue is classified as CWE-121 (Stack-based Buffer Overflow). A stack-based buffer overflow condition occurs when the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). This impacts confidentiality, integrity, and availability. Applying a patch can eliminate this problem, and the bugfix is available for download at gitlab.gnome.org.(CVE-2025-10925)", "category":"general", "title":"Description" }, { "text":"An update for gimp is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"gimp", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2363", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2363" }, { "summary":"CVE-2025-10920", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10920&packageName=gimp" }, { "summary":"CVE-2025-10922", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10922&packageName=gimp" }, { "summary":"CVE-2025-10923", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10923&packageName=gimp" }, { "summary":"CVE-2025-10924", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10924&packageName=gimp" }, { "summary":"CVE-2025-10925", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10925&packageName=gimp" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10920" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10922" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10923" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10924" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10925" }, { "summary":"openEuler-SA-2025-2363 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-2363.json" } ], "title":"An update for gimp is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2025-10-11T21:22:55+08:00", "revision_history":[ { "date":"2025-10-11T21:22:55+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-10-11T21:22:55+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-10-11T21:22:55+08:00", "id":"openEuler-SA-2025-2363", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-3.0.2-4.oe2403sp1.aarch64.rpm", "name":"gimp-3.0.2-4.oe2403sp1.aarch64.rpm" }, "name":"gimp-3.0.2-4.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64.rpm", "name":"gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64.rpm" }, "name":"gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-debugsource-3.0.2-4.oe2403sp1.aarch64.rpm", "name":"gimp-debugsource-3.0.2-4.oe2403sp1.aarch64.rpm" }, "name":"gimp-debugsource-3.0.2-4.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-devel-3.0.2-4.oe2403sp1.aarch64.rpm", "name":"gimp-devel-3.0.2-4.oe2403sp1.aarch64.rpm" }, "name":"gimp-devel-3.0.2-4.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64.rpm", "name":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64.rpm" }, "name":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-libs-3.0.2-4.oe2403sp1.aarch64.rpm", "name":"gimp-libs-3.0.2-4.oe2403sp1.aarch64.rpm" }, "name":"gimp-libs-3.0.2-4.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64.rpm", "name":"gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64.rpm" }, "name":"gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64.rpm", "name":"gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64.rpm" }, "name":"gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-vala-3.0.2-4.oe2403sp1.aarch64.rpm", "name":"gimp-vala-3.0.2-4.oe2403sp1.aarch64.rpm" }, "name":"gimp-vala-3.0.2-4.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-3.0.2-4.oe2403sp1.src.rpm", "name":"gimp-3.0.2-4.oe2403sp1.src.rpm" }, "name":"gimp-3.0.2-4.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-3.0.2-4.oe2403sp1.x86_64.rpm", "name":"gimp-3.0.2-4.oe2403sp1.x86_64.rpm" }, "name":"gimp-3.0.2-4.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64.rpm", "name":"gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64.rpm" }, "name":"gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-debugsource-3.0.2-4.oe2403sp1.x86_64.rpm", "name":"gimp-debugsource-3.0.2-4.oe2403sp1.x86_64.rpm" }, "name":"gimp-debugsource-3.0.2-4.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-devel-3.0.2-4.oe2403sp1.x86_64.rpm", "name":"gimp-devel-3.0.2-4.oe2403sp1.x86_64.rpm" }, "name":"gimp-devel-3.0.2-4.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64.rpm", "name":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64.rpm" }, "name":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-libs-3.0.2-4.oe2403sp1.x86_64.rpm", "name":"gimp-libs-3.0.2-4.oe2403sp1.x86_64.rpm" }, "name":"gimp-libs-3.0.2-4.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64.rpm", "name":"gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64.rpm" }, "name":"gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64.rpm", "name":"gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64.rpm" }, "name":"gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"gimp-vala-3.0.2-4.oe2403sp1.x86_64.rpm", "name":"gimp-vala-3.0.2-4.oe2403sp1.x86_64.rpm" }, "name":"gimp-vala-3.0.2-4.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-3.0.2-4.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "name":"gimp-3.0.2-4.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "name":"gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-debugsource-3.0.2-4.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "name":"gimp-debugsource-3.0.2-4.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-devel-3.0.2-4.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "name":"gimp-devel-3.0.2-4.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "name":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-libs-3.0.2-4.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "name":"gimp-libs-3.0.2-4.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "name":"gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "name":"gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-vala-3.0.2-4.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "name":"gimp-vala-3.0.2-4.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-3.0.2-4.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "name":"gimp-3.0.2-4.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-3.0.2-4.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "name":"gimp-3.0.2-4.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "name":"gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-debugsource-3.0.2-4.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "name":"gimp-debugsource-3.0.2-4.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-devel-3.0.2-4.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "name":"gimp-devel-3.0.2-4.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "name":"gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-libs-3.0.2-4.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "name":"gimp-libs-3.0.2-4.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "name":"gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "name":"gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"gimp-vala-3.0.2-4.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64", "name":"gimp-vala-3.0.2-4.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-10920", "notes":[ { "text":"A vulnerability was found in GIMP (Image Processing Software) that has been declared as critical. The CWE definition for the vulnerability is CWE-787 (Out-of-bounds Write). The product writes data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ], "details":"gimp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2363" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10920" }, { "cve":"CVE-2025-10922", "notes":[ { "text":"A critical vulnerability was found in GIMP (Image Processing Software) involving CWE-122 heap-based buffer overflow. Attackers can trigger buffer overflow in heap memory through specially crafted DCM files, impacting confidentiality, integrity, and availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ], "details":"gimp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2363" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10922" }, { "cve":"CVE-2025-10923", "notes":[ { "text":"A critical vulnerability was found in GIMP (Image Processing Software). The vulnerability involves CWE-190 integer overflow issue, where the product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. Impact includes confidentiality, integrity, and availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ], "details":"gimp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2363" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10923" }, { "cve":"CVE-2025-10924", "notes":[ { "text":"A vulnerability was found in GIMP (Image Processing Software) (unknown version). It has been classified as critical. CWE is classifying the issue as CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. This is going to have an impact on confidentiality, integrity, and availability. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ], "details":"gimp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2363" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10924" }, { "cve":"CVE-2025-10925", "notes":[ { "text":"A critical vulnerability was found in GIMP (Image Processing Software) (affected version not known). The issue is classified as CWE-121 (Stack-based Buffer Overflow). A stack-based buffer overflow condition occurs when the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). This impacts confidentiality, integrity, and availability. Applying a patch can eliminate this problem, and the bugfix is available for download at gitlab.gnome.org.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ], "details":"gimp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2363" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.src", "openEuler-24.03-LTS-SP1:gimp-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debuginfo-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-debugsource-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-devel-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-extension-goat-excercises-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-libs-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-aa-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-plugin-python3-3.0.2-4.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:gimp-vala-3.0.2-4.oe2403sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-10925" } ] }