CVE-2025-48797: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-48797 is a security vulnerability affecting the TGA parser in GIMP software, discovered and disclosed on May 26, 2025. The vulnerability involves multiple heap buffer overflows in the TGA parser component. This issue affects multiple versions of GIMP across different Red Hat Enterprise Linux distributions, including versions 8 and 9 (Red Hat CVE).

The vulnerability has been classified with a CVSS v3.1 score of 7.3 (High severity) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The vulnerability is categorized as CWE-122, which relates to heap-based buffer overflow issues. The technical assessment indicates that the vulnerability exists in the TGA (Truevision Graphics Adapter) parser component of GIMP, potentially allowing for memory corruption through heap buffer overflows (Red Hat CVE).

The vulnerability can lead to high impacts on confidentiality, integrity, and availability of the affected systems. With a CVSS score of 7.3, it represents a significant security risk that could potentially allow attackers to execute arbitrary code, cause system crashes, or access sensitive information through exploitation of the heap buffer overflow (Red Hat CVE).

Currently, no mitigation is available for this vulnerability according to the Red Hat security advisory. The affected versions include GIMP 2.8 in Red Hat Enterprise Linux 8 and GIMP in Red Hat Enterprise Linux 9 (Red Hat CVE).