CVE-2025-48798: 
Alma Linux vulnerability analysis and mitigation

CVE-2025-48798 is a security vulnerability discovered in GIMP's XCF parser component, disclosed on May 26, 2025. The vulnerability affects the GIMP image editor when processing XCF files, which is GIMP's native image format. This high-severity vulnerability affects multiple versions of GIMP prior to version 3.0.0 (Wiz Security).

The vulnerability has been identified as a use-after-free vulnerability (CWE-416) in the XCF parser component of GIMP. Specifically, there are two use-after-free bugs and one double free bug in the parser. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.3, indicating high severity, with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires local access with low attack complexity and user interaction (NVD, Red Hat Security).

When exploited, this vulnerability can lead to serious memory errors, potentially resulting in system crashes and arbitrary code execution. The impact is particularly significant when processing maliciously crafted XCF files, posing a substantial risk to systems where GIMP is installed and used to process untrusted XCF files (Wiz Security).

Users are advised to monitor for and apply security updates as they become available through their respective package management systems. The vulnerability affects multiple versions of GIMP prior to version 3.0.0, and users should upgrade to a patched version when available (Wiz Security).