Urgent GIMP security update fixes CVE-2025-2761, a critical FLI file parsing flaw affecting SUSE/openSUSE Linux. Learn how to patch your system now to prevent out-of-bounds write exploits and secure your workflow.
Severity: Moderate
Affected Systems: openSUSE Leap 15.4/15.6, SUSE Linux Enterprise 15 SP6
Why This Update Matters
A newly discovered vulnerability (CVE-2025-2761) in GIMP, the popular open-source image editor, could allow attackers to execute malicious code via specially crafted FLI files.
This security flaw, rated 6.1 (SUSE) to 7.8 (NVD) on the CVSS scale, poses a risk to systems running unpatched versions.
🔒 Key Risk: Unvalidated user input in FLI file parsing may lead to out-of-bounds memory writes, potentially compromising system stability and security.
Affected Products & Patch Instructions
🚨 Vulnerable Systems
openSUSE Leap 15.4 / 15.6
SUSE Linux Enterprise Desktop 15 SP6
SUSE Linux Enterprise Real Time 15 SP6
SUSE Linux Enterprise Server 15 SP6
SUSE Package Hub 15 SP6
🛠️ How to Apply the Fix
Install the latest security patch using one of these methods:
For openSUSE Leap 15.4
zypper in -t patch SUSE-2025-1571=1
For openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1571=1
For SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1571=1
💡 Pro Tip: Always verify updates using SUSE’s official channels to avoid malware risks.
Technical Details & Risk Analysis
📌 CVE-2025-2761 Breakdown
CVSS v3.1 Score (SUSE): 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)
CVSS v3.0 Score (NVD): 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Impact: Exploitation could lead to arbitrary code execution or system crashes.
🔍 Who Should Be Concerned?
Graphic designers using GIMP for professional work
System administrators managing Linux workstations
Developers integrating GIMP in automated workflows
Full List of Updated Packages
For openSUSE Leap 15.4 & 15.6
gimp-2.10.30-150400.3.14.1
libgimp-2_0-0-2.10.30-150400.3.14.1
gimp-plugin-aa-2.10.30-150400.3.14.1
Full list in SUSE Security Advisory
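To confirm the patch actually landed, the check below compares installed GIMP packages against the fixed build 2.10.30-150400.3.14.1 listed above. It is an added example, not part of the SUSE advisory; the function names and sample package lines are constructed for illustration, and the version comparison assumes purely numeric fields.

```shell
#!/bin/sh
# Added example: flag GIMP packages older than the fixed build in this advisory.
FIXED="2.10.30-150400.3.14.1"   # version-release from the package list above

# ver_lt A B: succeed if A is older than B. Assumption: every field is numeric
# and separated by '.' or '-', as in the strings on this page. This is a
# simplification, not a full rpmvercmp.
ver_lt() {
    a=$(printf '%s\n' "$1" | sed 's/[.-]/ /g')
    b=$(printf '%s\n' "$2" | sed 's/[.-]/ /g')
    set -- $a
    for fb in $b; do
        fa=${1:-0}
        if [ "$#" -gt 0 ]; then shift; fi
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 1
}

# check_gimp: read "name version-release" lines on stdin, print every GIMP
# package older than FIXED, and return 1 if any was found.
check_gimp() {
    rc=0
    while read -r name vr; do
        case $name in
            gimp|gimp-*|libgimp*) ;;
            *) continue ;;
        esac
        if ver_lt "$vr" "$FIXED"; then
            echo "VULNERABLE $name $vr (fixed in $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of query output; the 3.11.1 release is invented for the demo.
SAMPLE='gimp 2.10.30-150400.3.11.1
libgimp-2_0-0 2.10.30-150400.3.14.1
gimp-plugin-aa 2.10.30-150400.3.14.1
bash 4.4-150400.25.22'
printf '%s\n' "$SAMPLE" | check_gimp || echo "patch still needed"

# On a live system, feed it the real package database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_gimp
```

A non-zero exit status from check_gimp makes it usable as a compliance gate in configuration management or a fleet audit job.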
FAQs: GIMP Security Update
❓ Is this vulnerability actively exploited?
No known exploits yet, but patches should be applied immediately.
❓ Does this affect Windows or macOS versions of GIMP?
No, this flaw is specific to SUSE Linux distributions.
❓ What’s the worst-case scenario if unpatched?
An attacker could crash GIMP or execute malicious code via a crafted FLI file.
