CVE-2025-48796 – GIMP ANI File Stack-Based Overflow RCE Vulnerability

May 27, 2025

CVE ID : CVE-2025-48796

Published : May 27, 2025, 2:15 p.m. | 2 hours, 43 minutes ago

Description : A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If a user opens.ANI files, GIMP may be used to store more information than the capacity allows. This flaw allows a malicious ANI file to trigger arbitrary code execution.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48798 – GIMP XCF Image File Use-After-Free Vulnerability

Next Article CVE-2025-5272 – Firefox Memory Corruption Vulnerability

Highlights

CVE-2025-49581 – XWiki Macro Execution Arbitrary Code Execution Vulnerability

June 13, 2025

CVE ID : CVE-2025-49581

Published : June 13, 2025, 4:15 p.m. | 1 hour, 51 minutes ago

Description : XWiki is a generic wiki platform. Any user with edit right on a page (could be the user’s profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter allows wiki syntax, its default value is executed with the rights of the author of the document where it is used. This can be exploited by overriding a macro like the children macro that is used in a page that has programming right like the page XWiki.ChildrenMacro and thus allows arbitrary script macros. This vulnerability has been patched in XWiki 16.4.7, 16.10.3 and 17.0.0 by executing wiki parameters with the rights of the wiki macro’s author when the parameter’s value is the default value.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

I took a walk with Meta’s new Oakley smart glasses – they beat my Ray-Bans in every way

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Top 7 Computer Performance Test Tools Online (Free & Fast)

Top 7 Computer Performance Test Tools Online (Free & Fast)

10 Best Windows 11 Encryption Software

Google Chrome Is Testing Dynamic Country Detection for Region-Specific Features

CVE-2025-48796 – GIMP ANI File Stack-Based Overflow RCE Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-52164 – Agorum Core Password Storage Vulnerability

Cisco IMC Vulnerability Attackers to Access Internal Services with Elevated Privileges

CVE-2025-5830 – Autel MaxiCharger AC Wallbox Commercial Heap-based Buffer Overflow Remote Code Execution Vulnerability

What Do You Want to Build?

CVE-2025-49581 – XWiki Macro Execution Arbitrary Code Execution Vulnerability

CVE-2025-5602 – Campcodes Hospital Management System SQL Injection Vulnerability

Lexi is a self-driven dictionary app

nsupdate.info – software used to implement a free dynamic DNS service

CVE-2025-48796 – GIMP ANI File Stack-Based Overflow RCE Vulnerability

Related Posts