Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/1026170?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "type": "deb", "namespace": "debian", "name": "gimp", "version": "2.10.34-1+deb12u5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.10.34-1+deb12u10", "latest_non_vulnerable_version": "3.0.4-3+deb13u8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96997?format=api", "vulnerability_id": "VCID-1hm4-srhz-tqhb", "summary": "", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2046", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2046" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-2046" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hm4-srhz-tqhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267402?format=api", "vulnerability_id": "VCID-9v2z-2myu-bfd3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4154.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19603", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19544", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19508", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20952", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20973", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2069", 
"published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20786", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20819", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20822", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4154" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457530", "reference_id": "2457530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457530" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/2e7ed91793792d9e980b2df4c829e9aa60459253", "reference_id": "2e7ed91793792d9e980b2df4c829e9aa60459253", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:06Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/2e7ed91793792d9e980b2df4c829e9aa60459253" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-221/", "reference_id": "ZDI-26-221", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:06Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-221/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4154" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9v2z-2myu-bfd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351414?format=api", "vulnerability_id": "VCID-d967-53mv-13b6", "summary": "GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09897", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09931", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0989", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09772", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09855", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18106", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18062", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18012", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17954", 
"published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1934", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457533", "reference_id": "2457533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457533" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e", "reference_id": "f64c9c23ba3c37dc7b875a9fb477c23953b4666e", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-219/", "reference_id": "ZDI-26-219", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-219/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4152" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d967-53mv-13b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267399?format=api", "vulnerability_id": "VCID-dkmg-nu4f-xbay", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11044", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10835", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10892", 
"published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1096", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11006", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19603", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19544", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19508", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20973", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10", "reference_id": "00afdabdadeb5457fd897878b1e5aebc3780af10", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/" } ], "url": 
"https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457535", "reference_id": "2457535", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457535" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-217/", "reference_id": "ZDI-26-217", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-217/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4150" ], "risk_score": 3.5, "exploitability": "0.5", 
"weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dkmg-nu4f-xbay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352161?format=api", "vulnerability_id": "VCID-fraw-9hj8-vbhs", "summary": "gimp: GIMP: Heap buffer overflow due to integer overflow in FITS image loader", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40915.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40915.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04093", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04085", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05805", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05816", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06852", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06832", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06827", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40915" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40915", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40915" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2458744", "reference_id": "2458744", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:32:48Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458744" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-40915", "reference_id": "CVE-2026-40915", "reference_type": "", "scores": [ { 
"value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:32:48Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-40915" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-40915" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fraw-9hj8-vbhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83385?format=api", "vulnerability_id": "VCID-gfzg-1hvp-5ugd", "summary": "gimp: predictable temporary file name in test-xcf.c unit test", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12713.json", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.54942", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55109", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55047", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55072", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55048", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55098", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55097", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55089", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58923", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5894", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58922", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58938", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58883", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", 
"scoring_elements": "0.58924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58958", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58962", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12713" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/GNOME/gimp/commit/c21eff4b031acb04fb4dfce8bd5fdfecc2b6524f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/GNOME/gimp/commit/c21eff4b031acb04fb4dfce8bd5fdfecc2b6524f" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/issues/1689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/gimp/issues/1689" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595819", "reference_id": "1595819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595819" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gimp:gimp:*:*:*:*:*:*:*:*" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2018-12713", "reference_id": "CVE-2018-12713", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" } ], "aliases": [ "CVE-2018-12713" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfzg-1hvp-5ugd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63982?format=api", "vulnerability_id": "VCID-hj85-sup9-abft", "summary": "gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06574", 
"published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06554", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19482", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19495", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.196", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24947", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25006", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24965", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24911", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24924", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24916", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25065", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25103", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24878", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4887", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15960", "reference_id": "15960", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:58:38Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15960" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451669", "reference_id": "2451669", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:58:38Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451669" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4887", "reference_id": "CVE-2026-4887", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:58:38Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4887" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": 
"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4887" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hj85-sup9-abft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267401?format=api", "vulnerability_id": "VCID-ney7-z8qy-kuce", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18062", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18012", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18106", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1934", 
"published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19096", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19202", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19242", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19253", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457536", "reference_id": "2457536", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457536" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712", "reference_id": "98cb1371fd4e22cca75017ea3252dc32fc218712", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-220/", "reference_id": 
"ZDI-26-220", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-220/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4153" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ney7-z8qy-kuce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267400?format=api", "vulnerability_id": "VCID-va44-vsem-xuf5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4151.json", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4151.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11044", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10835", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10892", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1096", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11006", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19603", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19544", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19508", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20973", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4151" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4151", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4151" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ 
{ "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e", "reference_id": "09e5459de913172fc51da3bd6b6adc533acd368e", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:45Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457532", "reference_id": "2457532", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457532" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-218/", "reference_id": "ZDI-26-218", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:45Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-218/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4151" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-va44-vsem-xuf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/352166?format=api", "vulnerability_id": "VCID-wkrp-v537-x3hy", "summary": "gimp: GIMP: Arbitrary code execution or denial of service via buffer overflow in GIF image processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6384.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6384.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6384", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01285", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02145", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02104", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", 
"scoring_elements": "0.01955", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01957", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02111", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6384" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458749", "reference_id": "2458749", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:31:26Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458749" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-6384", "reference_id": "CVE-2026-6384", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-15T19:31:26Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-6384" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": 
[], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-6384" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wkrp-v537-x3hy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64452?format=api", "vulnerability_id": "VCID-1w47-u2aa-8uaj", "summary": "gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2045.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2045.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2045", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15169", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1518", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15051", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14951", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1496", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15012", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1505", "published_at": "2026-04-24T12:55:00Z" }, 
{ "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15052", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15236", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15041", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15129", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1515", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17314", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1745", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2045" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128604", "reference_id": "1128604", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128604" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441522", "reference_id": "2441522", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441522" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275", 
"reference_id": "68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:40Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/68b27dfb1cbd9b3f22d7fa624dbab8647ee5f275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-119/", "reference_id": "ZDI-26-119", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:40Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-119/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2045" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1w47-u2aa-8uaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96594?format=api", "vulnerability_id": "VCID-2k57-pmhe-9uds", "summary": 
"GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44407", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44705", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44601", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44608", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44528", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44725", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44662", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44715", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44734", "published_at": "2026-04-11T12:55:00Z" }, { 
"value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44702", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44703", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44758", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44751", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00221", "scoring_system": "epss", "scoring_elements": "0.44681", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2761" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2761" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8057-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-204/", "reference_id": "ZDI-25-204", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T18:21:41Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-204/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-2761" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2k57-pmhe-9uds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64643?format=api", "vulnerability_id": "VCID-2p8s-2h2y-aqg4", "summary": "gimp: GIMP: Denial of service via crafted PSP image file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2271.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2271.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2271", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15529", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15659", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28012", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00101", 
"scoring_system": "epss", "scoring_elements": "0.28015", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27972", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27913", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27924", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27906", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27864", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27903", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2797", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.33972", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.33991", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2271" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2271", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2271" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127841", "reference_id": "1127841", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127841" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15732", "reference_id": "15732", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:36Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15732" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438429", "reference_id": "2438429", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438429" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", 
"reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-2271", "reference_id": "CVE-2026-2271", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T19:52:36Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2271" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2271" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p8s-2h2y-aqg4" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/64891?format=api", "vulnerability_id": "VCID-2yr2-zppt-47eq", "summary": "gimp: heap-based buffer overflow via specially crafted PSP file", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15059.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12733", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12835", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12838", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12936", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1296", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12822", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13125", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12927", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13006", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13058", "published_at": 
"2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1302", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1298", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12934", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15059" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e", "reference_id": "03575ac8cbb0ef3103b0a15d6598475088dcc15e", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T19:49:18Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126267", "reference_id": "1126267", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126267" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432296", "reference_id": "2432296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432296" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:2707", "reference_id": "RHSA-2026:2707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2930", "reference_id": "RHSA-2026:2930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2950", "reference_id": "RHSA-2026:2950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2953", "reference_id": "RHSA-2026:2953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2969", "reference_id": "RHSA-2026:2969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2969" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8057-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1196/", "reference_id": "ZDI-25-1196", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-23T19:49:18Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1196/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { 
"vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-15059" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yr2-zppt-47eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62047?format=api", "vulnerability_id": "VCID-3sqk-cbwn-tqa7", "summary": "Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32990.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32990.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32677", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32581", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32607", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": 
"0.32609", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32571", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32544", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32559", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32528", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32358", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32243", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32157", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32016", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32990" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103202", "reference_id": "2103202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103202" }, { "reference_url": "https://security.gentoo.org/glsa/202501-02", "reference_id": "GLSA-202501-02", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/202501-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7978", "reference_id": "RHSA-2022:7978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7978" }, { "reference_url": "https://usn.ubuntu.com/6521-1/", "reference_id": "USN-6521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6521-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2022-32990" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sqk-cbwn-tqa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96592?format=api", "vulnerability_id": "VCID-81y4-4cxp-bybu", "summary": "GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. 
The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63754", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63674", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63726", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63757", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.637", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63712", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63729", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63743", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.63695", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00451", "scoring_system": "epss", "scoring_elements": "0.6373", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00451", 
"scoring_system": "epss", "scoring_elements": "0.6374", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758", "reference_id": "1107758", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107758" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-203/", "reference_id": "ZDI-25-203", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T18:26:53Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-203/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { 
"vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-2760" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81y4-4cxp-bybu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69459?format=api", "vulnerability_id": "VCID-99yx-7yr3-dfht", "summary": "gimp: GIMP ICO File Parsing Integer Overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5473.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81894", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82046", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81986", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81988", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82011", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82022", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": 
"0.82027", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81917", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81913", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81939", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81947", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81967", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.81956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.8195", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5473" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105005", "reference_id": "1105005", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105005" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370867", "reference_id": "2370867", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370867" }, { "reference_url": 
"https://www.gimp.org/news/2025/05/18/gimp-3-0-4-released/#general-bugfixes", "reference_id": "#general-bugfixes", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T16:48:26Z/" } ], "url": "https://www.gimp.org/news/2025/05/18/gimp-3-0-4-released/#general-bugfixes" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9162", "reference_id": "RHSA-2025:9162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9165", "reference_id": "RHSA-2025:9165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9308", "reference_id": "RHSA-2025:9308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9309", "reference_id": "RHSA-2025:9309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9310", "reference_id": "RHSA-2025:9310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9314", "reference_id": "RHSA-2025:9314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9315", "reference_id": "RHSA-2025:9315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9316", "reference_id": "RHSA-2025:9316", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9501", "reference_id": "RHSA-2025:9501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9569", "reference_id": "RHSA-2025:9569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9569" }, { "reference_url": "https://usn.ubuntu.com/8082-1/", "reference_id": "USN-8082-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8082-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-321/", "reference_id": "ZDI-25-321", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T16:48:26Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-321/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-5473" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-99yx-7yr3-dfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69446?format=api", "vulnerability_id": "VCID-bhsc-qy1f-27dj", "summary": "gimp: Gimp Integer Overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6035.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6035.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6035", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02243", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0224", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02242", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10482", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.1046", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10329", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10291", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10301", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10485", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", 
"scoring_elements": "0.10516", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12887", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1277", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12875", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1291", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6035" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/13518", "reference_id": "13518", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/13518" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372515", "reference_id": "2372515", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372515" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-6035", "reference_id": "CVE-2025-6035", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T15:40:56Z/" } ], "url": 
"https://access.redhat.com/security/cve/CVE-2025-6035" }, { "reference_url": "https://usn.ubuntu.com/8082-1/", "reference_id": "USN-8082-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8082-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-6035" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhsc-qy1f-27dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351414?format=api", "vulnerability_id": "VCID-d967-53mv-13b6", "summary": "GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Was ZDI-CAN-28863.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4152", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09897", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09931", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0989", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09772", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09855", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18106", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18062", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18012", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1934", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4152" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457533", "reference_id": "2457533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457533" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e", "reference_id": "f64c9c23ba3c37dc7b875a9fb477c23953b4666e", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-219/", "reference_id": "ZDI-26-219", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-219/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4152" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d967-53mv-13b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62046?format=api", "vulnerability_id": "VCID-dav9-9ar6-gkbn", "summary": "Multiple vulnerabilities have been discovered in GIMP, the worst of which can lead to arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30067.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29029", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29079", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28888", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28956", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28998", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.29002", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28958", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28908", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28932", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28861", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28743", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28631", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28562", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28404", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30067" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087591", "reference_id": "2087591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087591" }, { "reference_url": "https://security.gentoo.org/glsa/202501-02", "reference_id": "GLSA-202501-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202501-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7978", "reference_id": "RHSA-2022:7978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7978" }, { "reference_url": "https://usn.ubuntu.com/6521-1/", "reference_id": "USN-6521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6521-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2022-30067" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dav9-9ar6-gkbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267399?format=api", "vulnerability_id": "VCID-dkmg-nu4f-xbay", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4150", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11044", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10835", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10892", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1096", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11006", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19603", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19544", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19508", "published_at": 
"2026-04-16T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20973", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10", "reference_id": "00afdabdadeb5457fd897878b1e5aebc3780af10", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457535", "reference_id": "2457535", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457535" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-217/", "reference_id": "ZDI-26-217", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-217/" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4150" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-dkmg-nu4f-xbay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69509?format=api", "vulnerability_id": "VCID-dtpr-ndvm-5udg", "summary": "gimp: Multiple heap buffer overflows in TGA parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23882", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24168", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24045", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24033", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23991", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24161", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", 
"scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24188", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24204", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24191", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48797" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822", "reference_id": "11822", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368558", "reference_id": "2368558", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368558" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { 
"reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-48797", "reference_id": "CVE-2025-48797", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-48797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9162", "reference_id": "RHSA-2025:9162", 
"reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9165", "reference_id": "RHSA-2025:9165", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9308", "reference_id": "RHSA-2025:9308", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9309", "reference_id": "RHSA-2025:9309", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9310", "reference_id": "RHSA-2025:9310", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9314", "reference_id": "RHSA-2025:9314", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9315", "reference_id": "RHSA-2025:9315", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9316", "reference_id": "RHSA-2025:9316", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9501", "reference_id": "RHSA-2025:9501", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9569", 
"reference_id": "RHSA-2025:9569", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:22:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9569" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-48797" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dtpr-ndvm-5udg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66658?format=api", "vulnerability_id": "VCID-gdxp-wy9y-m3h1", "summary": "gimp: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10922.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } 
], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23142", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25521", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25772", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25744", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25689", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.2568", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25632", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25821", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25873", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25883", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25842", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25786", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25789", 
"published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10922" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116459", "reference_id": "1116459", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116459" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407188", "reference_id": "2407188", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407188" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4", "reference_id": "3d909166463731e94dfe62042d76225ecfc4c1e4", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:09Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/3d909166463731e94dfe62042d76225ecfc4c1e4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21968", "reference_id": "RHSA-2025:21968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22417", "reference_id": "RHSA-2025:22417", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:22417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22445", "reference_id": "RHSA-2025:22445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22496", "reference_id": "RHSA-2025:22496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22497", "reference_id": "RHSA-2025:22497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22498", "reference_id": "RHSA-2025:22498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22866", "reference_id": "RHSA-2025:22866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23857", "reference_id": "RHSA-2025:23857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0027", "reference_id": "RHSA-2026:0027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0250", "reference_id": "RHSA-2026:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0356", "reference_id": "RHSA-2026:0356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0356" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/8057-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-911/", "reference_id": "ZDI-25-911", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:09Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-911/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-10922" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdxp-wy9y-m3h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65827?format=api", "vulnerability_id": "VCID-hrab-t25s-5ybg", "summary": "gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14425.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28642", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2873", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28601", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28643", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28599", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28551", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28571", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28546", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28498", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35099", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.34977", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35201", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35178", "published_at": 
"2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14425" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14425" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424767", "reference_id": "2424767", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424767" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd", "reference_id": "cd1c88a0364ad1444c06536731972a99bd8643fd", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-02T14:03:55Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0914", "reference_id": "RHSA-2026:0914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1511", "reference_id": "RHSA-2026:1511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1585", "reference_id": "RHSA-2026:1585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1585" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1586", "reference_id": "RHSA-2026:1586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1587", "reference_id": "RHSA-2026:1587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1587" }, { "reference_url": "https://usn.ubuntu.com/8057-1/", "reference_id": "USN-8057-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8057-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1139/", "reference_id": "ZDI-25-1139", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-02T14:03:55Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1139/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-14425" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hrab-t25s-5ybg" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/64455?format=api", "vulnerability_id": "VCID-jy45-8uuz-y7bf", "summary": "gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1109", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11061", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10893", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10903", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1102", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10978", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10932", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11138", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10958", "published_at": 
"2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11036", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11093", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12733", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.12822", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-0797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0797" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128601", "reference_id": "1128601", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128601" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441524", "reference_id": "2441524", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441524" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c", "reference_id": "69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:45Z/" } ], 
"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/69cc6b1a6645dc9c4d7b484483dbe6a84b922b9c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": 
"RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-050/", "reference_id": "ZDI-26-050", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:45Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-050/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-0797" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jy45-8uuz-y7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69508?format=api", "vulnerability_id": "VCID-krn9-65fh-sqgq", "summary": "gimp: Multiple use after free in XCF parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23882", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24191", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24168", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24045", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24033", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23991", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24378", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24161", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24188", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24204", "published_at": 
"2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48798" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822", "reference_id": "11822", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/11822" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368557", "reference_id": "2368557", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368557" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", 
"reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-48798", "reference_id": "CVE-2025-48798", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-48798" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9162", "reference_id": "RHSA-2025:9162", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9165", "reference_id": "RHSA-2025:9165", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9308", "reference_id": "RHSA-2025:9308", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9309", "reference_id": "RHSA-2025:9309", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9310", "reference_id": "RHSA-2025:9310", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9314", "reference_id": "RHSA-2025:9314", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9314" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:9315", "reference_id": "RHSA-2025:9315", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9316", "reference_id": "RHSA-2025:9316", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9501", "reference_id": "RHSA-2025:9501", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9569", "reference_id": "RHSA-2025:9569", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-27T14:21:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9569" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-48798" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krn9-65fh-sqgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267401?format=api", "vulnerability_id": "VCID-ney7-z8qy-kuce", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18062", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18012", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17954", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18106", 
"published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19354", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1934", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19096", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19202", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19242", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19253", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457536", "reference_id": "2457536", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457536" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712", "reference_id": "98cb1371fd4e22cca75017ea3252dc32fc218712", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-220/", "reference_id": "ZDI-26-220", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-220/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026171?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1068122?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/1068117?format=api", "purl": "pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994911?format=api", "purl": "pkg:deb/debian/gimp@3.2.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1" } ], "aliases": [ "CVE-2026-4153" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ney7-z8qy-kuce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64670?format=api", "vulnerability_id": "VCID-qsyr-7tn1-uyhv", "summary": "gimp: GIMP: Application crash (DoS) via crafted PSD file due to heap-buffer-overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2239.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01681", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06024", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06035", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", 
"scoring_elements": "0.06008", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06157", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06172", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06203", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05985", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06062", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06052", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06043", "published_at": "2026-04-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0087", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2239" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2239", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2239" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127838", "reference_id": "1127838", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127838" }, 
{ "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15812", "reference_id": "15812", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:29:11Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15812" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437675", "reference_id": "2437675", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:29:11Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437675" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": 
"https://access.redhat.com/security/cve/CVE-2026-2239", "reference_id": "CVE-2026-2239", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:29:11Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2239" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2239" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsyr-7tn1-uyhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64450?format=api", "vulnerability_id": "VCID-rraw-1e9t-x3f3", "summary": "gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2048.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2026-2048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14621", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14649", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14569", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14509", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14401", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14402", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14474", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14507", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14505", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14691", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14502", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14591", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16736", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1687", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2048" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2048" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128606", "reference_id": "1128606", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128606" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441527", "reference_id": "2441527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441527" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586/diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341", "reference_id": "diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:37Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2586/diffs?commit_id=57712677007793118388c5be6fb8231f22a2b341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-121/", "reference_id": "ZDI-26-121", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:37Z/" } ], "url": 
"https://www.zerodayinitiative.com/advisories/ZDI-26-121/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2048" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rraw-1e9t-x3f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65830?format=api", "vulnerability_id": "VCID-tth9-nncy-5qap", "summary": "gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14422.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30228", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3019", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", 
"scoring_system": "epss", "scoring_elements": "0.30277", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30094", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30154", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30193", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3015", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.301", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30115", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30097", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30052", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36878", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36762", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36997", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.36965", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14422" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424766", "reference_id": "2424766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424766" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb", "reference_id": "4ff2d773d58064e6130495de498e440f4a6d5edb", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-01T04:55:23Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0914", "reference_id": "RHSA-2026:0914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1511", "reference_id": "RHSA-2026:1511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1574", "reference_id": "RHSA-2026:1574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1584", "reference_id": "RHSA-2026:1584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1585", "reference_id": "RHSA-2026:1585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1585" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:1586", "reference_id": "RHSA-2026:1586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1587", "reference_id": "RHSA-2026:1587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1588", "reference_id": "RHSA-2026:1588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1588" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1589", "reference_id": "RHSA-2026:1589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1590", "reference_id": "RHSA-2026:1590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1591", "reference_id": "RHSA-2026:1591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1591" }, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1136/", "reference_id": "ZDI-25-1136", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-01T04:55:23Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-1136/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-14422" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tth9-nncy-5qap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64453?format=api", "vulnerability_id": "VCID-ubet-venh-tqct", "summary": "gimp: GIMP: Remote Code Execution via uninitialized memory in PGM file parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2044.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2044.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11764", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", 
"scoring_system": "epss", "scoring_elements": "0.11573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11575", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11699", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11658", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11618", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11836", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11624", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11709", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13483", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13574", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2044" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2441521", "reference_id": "2441521", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441521" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365", "reference_id": "diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:42Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2569/diffs?commit_id=112a5e038f0646eae5ae314988ec074433d2b365" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4173", "reference_id": "RHSA-2026:4173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5113", "reference_id": "RHSA-2026:5113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5388", "reference_id": "RHSA-2026:5388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5389", "reference_id": "RHSA-2026:5389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5390", "reference_id": "RHSA-2026:5390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5391", "reference_id": "RHSA-2026:5391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5391" 
}, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5434", "reference_id": "RHSA-2026:5434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5435", "reference_id": "RHSA-2026:5435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5436", "reference_id": "RHSA-2026:5436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5437", "reference_id": "RHSA-2026:5437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5437" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-26-118/", "reference_id": "ZDI-26-118", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-21T04:56:42Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-118/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2044" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubet-venh-tqct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64642?format=api", "vulnerability_id": "VCID-uujf-3fhp-8fgg", "summary": "gimp: GIMP: Memory corruption due to integer overflow in ICO file handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2272.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2272.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2272", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0794", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07972", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24277", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24115", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24129", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24253", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2446", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24243", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", 
"scoring_system": "epss", "scoring_elements": "0.24309", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24352", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2437", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24328", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24271", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24288", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24729", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2272" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2272" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127842", "reference_id": "1127842", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127842" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15617", "reference_id": "15617", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:43:56Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15617" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438428", "reference_id": "2438428", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:43:56Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438428" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { 
"reference_url": "https://access.redhat.com/security/cve/CVE-2026-2272", "reference_id": "CVE-2026-2272", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:43:56Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-2272" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2026-2272" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uujf-3fhp-8fgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47242?format=api", "vulnerability_id": "VCID-z2up-g7ms-gfg2", "summary": "A vulnerability has been discovered in GIMP, which can lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10934.json" 
}, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18293", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18241", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.17996", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20804", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21091", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2107", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20942", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20945", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20913", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21113", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21142", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.2109", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21081", "published_at": "2026-04-16T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2025-10934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10934" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119661", "reference_id": "1119661", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407233", "reference_id": "2407233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407233" }, { "reference_url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c", "reference_id": "5c3e2122d53869599d77ef0f1bdece117b24fd7c", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:07Z/" } ], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/5c3e2122d53869599d77ef0f1bdece117b24fd7c" }, { "reference_url": "https://security.gentoo.org/glsa/202601-03", "reference_id": "GLSA-202601-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202601-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21968", "reference_id": "RHSA-2025:21968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21968" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:22417", "reference_id": "RHSA-2025:22417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22445", "reference_id": "RHSA-2025:22445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22496", "reference_id": "RHSA-2025:22496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22497", "reference_id": "RHSA-2025:22497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22498", "reference_id": "RHSA-2025:22498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22866", "reference_id": "RHSA-2025:22866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23857", "reference_id": "RHSA-2025:23857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0027", "reference_id": "RHSA-2026:0027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0027" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0250", "reference_id": "RHSA-2026:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0356", "reference_id": "RHSA-2026:0356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0356" 
}, { "reference_url": "https://usn.ubuntu.com/8075-1/", "reference_id": "USN-8075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8075-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/", "reference_id": "ZDI-25-978", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-30T03:56:07Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-978/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1026170?format=api", "purl": "pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hm4-srhz-tqhb" }, { "vulnerability": "VCID-9v2z-2myu-bfd3" }, { "vulnerability": "VCID-d967-53mv-13b6" }, { "vulnerability": "VCID-dkmg-nu4f-xbay" }, { "vulnerability": "VCID-fraw-9hj8-vbhs" }, { "vulnerability": "VCID-gfzg-1hvp-5ugd" }, { "vulnerability": "VCID-hj85-sup9-abft" }, { "vulnerability": "VCID-ney7-z8qy-kuce" }, { "vulnerability": "VCID-va44-vsem-xuf5" }, { "vulnerability": "VCID-wkrp-v537-x3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" } ], "aliases": [ "CVE-2025-10934" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z2up-g7ms-gfg2" } ], "risk_score": "4.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5" }