CVE-2025-2760: 
GIMP vulnerability analysis and mitigation

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability (CVE-2025-2760) was discovered and disclosed on April 7th, 2025. The vulnerability affects GIMP installations and requires user interaction to exploit. The vulnerability was initially reported to the vendor on January 22nd, 2025, and was later fixed in GIMP 3.0.0 (Zero Day Initiative).

The vulnerability exists within the parsing of XWD files in GIMP. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in an integer overflow condition before allocating a buffer. The vulnerability has been assigned a CVSS v3.0 base score of 7.8 HIGH with the vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Zero Day Initiative).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process on affected GIMP installations. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability (Zero Day Initiative).

The vulnerability has been fixed in GIMP version 3.0.0, released on March 16th, 2025. Users are advised to upgrade to this version to mitigate the vulnerability (Zero Day Initiative).