GIMP Integer Overflow Vulnerability in Despeckle Plug-in Allowing Heap Corruption and Potential Code Execution

Vulnerability

An integer overflow vulnerability has been identified in the GIMP "Despeckle" plug-in. This issue arises from unchecked multiplication of image dimensions, including width, height, and bytes-per-pixel, leading to insufficient memory allocation and out-of-bounds writes. Such memory mismanagement could cause heap corruption, creating opportunities for a denial-of-service attack or, in certain situations, arbitrary code execution.

Impact

Exploitation of this vulnerability can result in heap corruption, causing a denial-of-service condition or allowing arbitrary code execution in specific scenarios.

Added: Jun 13, 2025, 4:18 PM

Updated: Jun 13, 2025, 4:18 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

10.0

exploitability

4.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

10.0

exploitability

4.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GIMP Integer Overflow Vulnerability in Despeckle Plug-in Allowing Heap Corruption and Potential Code Execution

Vulnerability

Impact

Affected Products

GIMP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating