CVE-2025-48796: 
GIMP vulnerability analysis and mitigation

CVE-2025-48796 is a critical vulnerability discovered in GIMP's aniloadimage() function, affecting versions prior to 2.99.16. The vulnerability was disclosed on May 27, 2025, and affects the image processing application's handling of ANI files. This stack-based buffer overflow vulnerability impacts multiple Linux distributions including Red Hat Enterprise Linux 6, 7, 8, 9, and various Debian versions (NVD, Wiz).

The vulnerability is classified as a stack-based buffer overflow (CWE-121) with a CVSS v3.1 base score of 7.3 (HIGH). The attack vector requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R). The scope is unchanged (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability specifically occurs in the aniloadimage() function when processing ANI files, where the application can be manipulated to store more information than the buffer capacity allows (NVD, Wiz).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code through specially crafted ANI files. The high severity rating indicates potential complete compromise of system confidentiality, integrity, and availability. The vulnerability affects multiple versions of GIMP across various Linux distributions, making it a significant security concern for users of the application (Wiz).

Currently, there is no fix available for most affected versions, including Red Hat Enterprise Linux 6, 7, 8, and 9, as well as Debian 11 and 12. However, Debian 13 has received a security fix. Users are advised to exercise caution when opening ANI files from untrusted sources until patches become available (Wiz).