CVE-2025-6035

Description

A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.

How to fix CVE-2025-6035

To remediate CVE-2025-6035, upgrade the affected package to a fixed version below.

—upgrade to 2.10.22-4+deb11u3 or later

Is CVE-2025-6035 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.10.22-4+deb11u3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2025-6035