Security update for gegl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4333-1 Final 1 1 2025-12-09T14:42:10Z current 2025-12-09T14:42:10Z 2025-12-09T14:42:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gegl This update for gegl fixes the following issues: - CVE-2025-10921: Fixed HDR file parsing heap-based buffer overflow that can lead to remote code execution. (bsc#1250496) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4333,SUSE-SLE-Product-WE-15-SP6-2025-4333,SUSE-SLE-Product-WE-15-SP7-2025-4333 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254333-1/ Link for SUSE-SU-2025:4333-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023450.html E-Mail link for SUSE-SU-2025:4333-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250496 SUSE Bug 1250496 https://www.suse.com/security/cve/CVE-2025-10921/ SUSE CVE CVE-2025-10921 page SUSE Linux Enterprise Workstation Extension 15 SP6 SUSE Linux Enterprise Workstation Extension 15 SP7 gegl-0.3.34-150000.3.6.1 gegl-0_3-0.3.34-150000.3.6.1 gegl-0_3-lang-0.3.34-150000.3.6.1 gegl-devel-0.3.34-150000.3.6.1 gegl-doc-0.3.34-150000.3.6.1 libgegl-0_3-0-0.3.34-150000.3.6.1 typelib-1_0-Gegl-0_3-0.3.34-150000.3.6.1 gegl-0_3-0.3.34-150000.3.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 libgegl-0_3-0-0.3.34-150000.3.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 typelib-1_0-Gegl-0_3-0.3.34-150000.3.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP6 gegl-0_3-0.3.34-150000.3.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 libgegl-0_3-0-0.3.34-150000.3.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 typelib-1_0-Gegl-0_3-0.3.34-150000.3.6.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27803. CVE-2025-10921 SUSE Linux Enterprise Workstation Extension 15 SP6:gegl-0_3-0.3.34-150000.3.6.1 SUSE Linux Enterprise Workstation Extension 15 SP6:libgegl-0_3-0-0.3.34-150000.3.6.1 SUSE Linux Enterprise Workstation Extension 15 SP6:typelib-1_0-Gegl-0_3-0.3.34-150000.3.6.1 SUSE Linux Enterprise Workstation Extension 15 SP7:gegl-0_3-0.3.34-150000.3.6.1 SUSE Linux Enterprise Workstation Extension 15 SP7:libgegl-0_3-0-0.3.34-150000.3.6.1 SUSE Linux Enterprise Workstation Extension 15 SP7:typelib-1_0-Gegl-0_3-0.3.34-150000.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254333-1/ https://www.suse.com/security/cve/CVE-2025-10921.html CVE-2025-10921 https://bugzilla.suse.com/1250496 SUSE Bug 1250496