gimp-3.0.4-1.el9_7.2
Errata ID: AXSA:2026-085:01
Release date:
2026/01/27 Tuesday - 20:29
Title:
gimp-3.0.4-1.el9_7.2
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
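The following issues have been addressed.
[Security Fix]
- GIMP's PNM file parsing contains an integer overflow issue, resulting in a vulnerability that allows a local attacker to execute arbitrary code. (CVE-2025-14422)
- GIMP's LBM file parsing contains a stack-based buffer overflow issue, resulting in a vulnerability that allows a local attacker to execute arbitrary code. (CVE-2025-14423)
- GIMP's XCF file parsing contains a use-after-free issue, resulting in a vulnerability that allows a local attacker to execute arbitrary code. (CVE-2025-14424)
- GIMP's JP2 file parsing contains a heap-based buffer overflow issue, resulting in a vulnerability that allows a local attacker to execute arbitrary code. (CVE-2025-14425)
Solution:
Update the packages.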
CVE:
CVE-2025-14422
GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28273.
CVE-2025-14423
GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28311.
CVE-2025-14424
GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XCF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28376.
CVE-2025-14425
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28248.
Additional information:
N/A
Downloads:
SRPMS
- gimp-3.0.4-1.el9_7.2.src.rpm
MD5: d6dced16f5b99fa773abfce0bf09cfe3
SHA-256: aae9b3de8f630f0adee0f090fbb1e0150ed0234cb9a901c9c080ed2022e69c97
Size: 25.86 MB
Asianux Server 9 for x86_64
- gimp-3.0.4-1.el9_7.2.x86_64.rpm
MD5: 1304e002d3ab7e59861167a25f9c3ba2
SHA-256: ce1d8b64b6310277afa22de62677fdb3939aaf46e762ff703f68529b8ad7f015
Size: 20.91 MB
- gimp-libs-3.0.4-1.el9_7.2.i686.rpm
MD5: 092eb00f74d790279daf8d279180e7e3
SHA-256: eab2ad126b4eabcc2c7e428b32821df2cc2f2e7bf8eb99300e041ab7cf6fdff9
Size: 850.69 kB
- gimp-libs-3.0.4-1.el9_7.2.x86_64.rpm
MD5: bb9bcfcbfca7445377a6722f28723998
SHA-256: 9df78eab54894ffd0535e410680c6810e2f1c4a269bf32e415647a544a6411d6
Size: 801.85 kB