CVE-2025-10921
A heap-based buffer-overflow in GIMP’s HDR RGBE file parsing CVE-2025-10921 / ZDI-25-910 allows an attacker to execute arbitrary code when a user opens or is tricked into previewing a malicious HDR file. The flaw is caused by missing length validation before copying user-supplied HDR data into a...