CVE-2025-5473: 
Alma Linux vulnerability analysis and mitigation

GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability (CVE-2025-5473) was discovered and disclosed in June 2025. The vulnerability affects GIMP installations and requires user interaction to exploit, specifically when opening malicious ICO files. The vulnerability was initially reported to the vendor on April 25, 2025, and was publicly disclosed on June 3, 2025 (ZDI Advisory).

The vulnerability exists within the parsing of ICO files in GIMP. The specific flaw results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. The vulnerability has been assigned a CVSS v3.0 base score of 7.8 (HIGH) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and is classified as CWE-190 (Integer Overflow or Wraparound) (NVD).

An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process on affected installations of GIMP. The vulnerability requires user interaction, specifically the target must visit a malicious page or open a malicious file (ZDI Advisory).

GIMP has released version 3.0.4 which includes a fix for this vulnerability. Users are advised to upgrade to this version. The fix is documented in the GIMP 3.0.4 release notes where it's mentioned that the ZDI-CAN-26752 bug for .ICO imports has been fixed (GIMP Release).