Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-j13x-yf4j-bygr

Summary gimp: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability

Aliases

alias	CVE-2025-10923

Fixed_packages

url	pkg:deb/debian/gimp@0?distro=trixie
purl	pkg:deb/debian/gimp@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@0%3Fdistro=trixie

url pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-3sqk-cbwn-tqa7

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-gfzg-1hvp-5ugd

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-gfzg-1hvp-5ugd

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

purl pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-rw3k-nfe2-4qd2

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u7%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.0.4-6.1?distro=trixie
purl	pkg:deb/debian/gimp@3.0.4-6.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-6.1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.0-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-1%3Fdistro=trixie

Affected_packages

url pkg:rpm/redhat/gimp@2:3.0.4-1.el9_7?arch=1

purl pkg:rpm/redhat/gimp@2:3.0.4-1.el9_7?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6j1w-qaak-rydj

vulnerability	VCID-gdxp-wy9y-m3h1

vulnerability	VCID-j13x-yf4j-bygr

vulnerability	VCID-qk2t-bm6s-1fes

vulnerability	VCID-rw3k-nfe2-4qd2

vulnerability	VCID-x4pk-uzwb-97hj

vulnerability	VCID-z2up-g7ms-gfg2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/gimp@2:3.0.4-1.el9_7%3Farch=1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10923.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10923.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10923

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.17679
published_at	2026-04-02T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17445
published_at	2026-04-07T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17725
published_at	2026-04-04T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20488
published_at	2026-04-16T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2055
published_at	2026-04-12T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20498
published_at	2026-04-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20487
published_at	2026-04-18T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20483
published_at	2026-04-21T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20515
published_at	2026-04-08T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20572
published_at	2026-04-09T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20594
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10923

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116460
reference_id	1116460
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116460

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2407192
reference_id	2407192
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2407192

reference_url

https://gitlab.gnome.org/GNOME/gimp/-/commit/2d2d39f3da1d0b01ca7d71ad2b7a8725ee92ed96

reference_id

2d2d39f3da1d0b01ca7d71ad2b7a8725ee92ed96

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T03:55:15Z/

url

https://gitlab.gnome.org/GNOME/gimp/-/commit/2d2d39f3da1d0b01ca7d71ad2b7a8725ee92ed96

reference_url	https://access.redhat.com/errata/RHSA-2025:21968
reference_id	RHSA-2025:21968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:21968

reference_url	https://access.redhat.com/errata/RHSA-2025:22417
reference_id	RHSA-2025:22417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22417

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-25-912/

reference_id

ZDI-25-912

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T03:55:15Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-25-912/

Weaknesses

cwe_id	190
name	Integer Overflow or Wraparound
description	The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Exploits

Severity_range_score 7.8 - 7.8

Exploitability 0.5

Weighted_severity 7.0

Risk_score 3.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j13x-yf4j-bygr

Vulnerability Instance