CVE-2025-14422

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PNM image files in GIMP. The integer overflow during PNM file parsing enables buffer overflow attacks. All GIMP users who open untrusted PNM files are affected.

💻 Affected Systems

Products:
  • GIMP (GNU Image Manipulation Program)
Versions: before commit 4ff2d773d58064e6130495de498e440f4a6d5edb
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of GIMP that support PNM file format are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the GIMP user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or malware installation on the user's system when opening malicious PNM files from untrusted sources.

🟢 If Mitigated

No impact if users only open trusted files or GIMP is updated to a patched version.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). The ZDI advisory suggests a working exploit exists, but details aren't public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GIMP with commit 4ff2d773d58064e6130495de498e440f4a6d5edb or later

Vendor Advisory: https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb

Restart Required: Yes

Instructions:

1. Update GIMP through your package manager (apt/yum/dnf/pacman) or the official installer
2. Restart GIMP after the update
3. Verify that the installed version includes the fix commit

🔧 Temporary Workarounds

Disable PNM file association (all platforms)

Remove the PNM file type association with GIMP to prevent automatic opening

Linux: use update-mime-database to remove the .pnm association
Windows: use the 'Default Apps' settings to change the PNM file handler

Sandbox GIMP execution (all platforms)

Run GIMP in a restricted environment to limit exploit impact

Linux: firejail --net=none gimp
Windows: Use Windows Sandbox or similar

🧯 If You Can't Patch

  • Block PNM files at network perimeter/email filters
  • Implement application allowlisting to prevent unauthorized GIMP execution

🔍 How to Verify

Check if Vulnerable:

Check whether the installed GIMP version predates commit 4ff2d773d58064e6130495de498e440f4a6d5edb

Check Version:

gimp --version

Verify Fix Applied:

Verify that the GIMP version includes the fix commit, or check that PNM file parsing doesn't crash with test files

📡 Detection & Monitoring

Log Indicators:

  • GIMP crash logs with PNM file references
  • Unexpected process spawning from GIMP

Network Indicators:

  • PNM file downloads to user workstations
  • Outbound connections from GIMP process

SIEM Query:

Process:Name=gimp AND (FileExtension=.pnm OR FileExtension=.pbm OR FileExtension=.pgm OR FileExtension=.ppm)
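
The query above only shows that GIMP touched a PNM-family file. The sketch below is an added example, not part of the advisory or of GIMP. It correlates such an open with the two follow-on indicators listed above: an unexpected child process, or an outbound connection from GIMP. The JSON event schema, the 5-minute window and the plug-in directory allowlist are assumptions to adapt to your own telemetry.

```python
import json
from pathlib import PurePosixPath

PNM_EXTS = {".pnm", ".pbm", ".pgm", ".ppm"}  # extensions from the SIEM query above
WINDOW_S = 300                               # assumption: 5-minute correlation window
EXPECTED_CHILD_DIRS = ("/plug-ins/",)        # assumption: GIMP's own plug-in helpers are expected

# Constructed telemetry, one JSON event per line; the schema is hypothetical.
SAMPLE_EVENTS = """
{"ts": 100, "host": "ws1", "type": "file_open", "pid": 410, "image": "/usr/bin/gimp", "path": "/home/a/Downloads/scan.PPM"}
{"ts": 101, "host": "ws1", "type": "process_start", "pid": 411, "ppid": 410, "image": "/usr/lib/gimp/2.0/plug-ins/file-pnm/file-pnm"}
{"ts": 104, "host": "ws1", "type": "process_start", "pid": 412, "ppid": 410, "image": "/bin/sh"}
{"ts": 105, "host": "ws1", "type": "net_connect", "pid": 410, "image": "/usr/bin/gimp", "dest": "203.0.113.7:443"}
{"ts": 200, "host": "ws2", "type": "file_open", "pid": 77, "image": "/usr/bin/gimp", "path": "/home/b/logo.png"}
{"ts": 205, "host": "ws2", "type": "process_start", "pid": 78, "ppid": 77, "image": "/bin/sh"}
{"ts": 900, "host": "ws1", "type": "net_connect", "pid": 410, "image": "/usr/bin/gimp", "dest": "203.0.113.7:443"}
"""

def basename(path):
    return PurePosixPath(path.replace("\\", "/"))

def detect(lines):
    """Return (host, event_type, detail, pnm_path) for activity following a PNM open."""
    opened = {}  # (host, pid) -> (ts, path) of the latest PNM-family file opened by GIMP
    alerts = []
    for raw in lines:  # events are assumed to arrive in time order
        if not raw.strip():
            continue
        ev = json.loads(raw)
        if ev["type"] == "file_open":
            is_gimp = basename(ev["image"]).name.lower().startswith("gimp")
            if is_gimp and basename(ev["path"]).suffix.lower() in PNM_EXTS:
                opened[(ev["host"], ev["pid"])] = (ev["ts"], ev["path"])
            continue
        if ev["type"] not in ("process_start", "net_connect"):
            continue
        # A child process is attributed to its parent, a connection to the process itself.
        owner = ev["ppid"] if ev["type"] == "process_start" else ev["pid"]
        hit = opened.get((ev["host"], owner))
        if hit is None or ev["ts"] - hit[0] > WINDOW_S:
            continue
        if ev["type"] == "process_start" and any(d in ev["image"] for d in EXPECTED_CHILD_DIRS):
            continue  # GIMP's own file-format plug-in, not an indicator
        detail = ev["image"] if ev["type"] == "process_start" else ev["dest"]
        alerts.append((ev["host"], ev["type"], detail, hit[1]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

On the constructed events only the ws1 shell spawn and the first outbound connection are reported; the PNG open on ws2 and the connection outside the window are ignored.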
