GIMP Stack-Based Buffer Overflow Vulnerability in ANI File Handling Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in GIMP versions prior to 2.99.16, specifically within the ani_load_image() function. This flaw allows a malicious ANI file to be opened in GIMP, leading to arbitrary code execution by overwriting the stack with excess data.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

10.0

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

10.0

exploitability

4.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GIMP Stack-Based Buffer Overflow Vulnerability in ANI File Handling Allowing Arbitrary Code Execution

Vulnerability

Impact

Affected Products

GIMP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating