CVE-2025-6035: Out-of-bounds Write in Red Hat Red Hat Enterprise Linux 6
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.
AI Analysis
Technical Summary
CVE-2025-6035 is a medium-severity vulnerability identified in the GIMP image manipulation program, specifically within the "Despeckle" plug-in, as packaged in Red Hat Enterprise Linux 6. The root cause of this vulnerability is an integer overflow during the calculation of memory allocation size. The plug-in multiplies image dimensions—width, height, and bytes-per-pixel (img_bpp)—without proper bounds checking. When these values are large enough, the multiplication can overflow, causing the program to allocate less memory than required. Subsequent operations then write beyond the allocated heap buffer, leading to out-of-bounds writes. This heap corruption can manifest as a denial of service (DoS) by crashing the application or, in more severe cases, enable arbitrary code execution if an attacker can carefully craft an image file to exploit the memory corruption. The vulnerability requires local access with low privileges (AV:L, PR:L) but does not require user interaction (UI:N). The CVSS v3.1 base score is 6.6, reflecting a medium severity with limited confidentiality and integrity impact but a high impact on availability. No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. The vulnerability affects Red Hat Enterprise Linux 6, which remains in use in some legacy environments despite its age. The flaw is significant because GIMP is a widely used open-source image editor, and the plug-in is part of its standard functionality, potentially exposing systems that process untrusted image files locally or via automated workflows.
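The arithmetic described above, as a small C illustration added here. It is not GIMP's source code: the function names, the unsigned 32-bit types, the constructed dimensions and the 1 GiB cap are assumptions chosen for the demonstration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy cap for a single image buffer (hypothetical value). */
#define MAX_IMAGE_BYTES ((uint64_t)1 << 30)

/* Unchecked pattern: the product is formed in 32-bit arithmetic and wraps
 * modulo 2^32, so the result can be far smaller than the bytes later written.
 * Unsigned types are used so the wrap is well defined in this demo. */
static uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hardened pattern: widen before multiplying and refuse anything that is
 * zero-sized or exceeds the cap. *out is written only on success. */
static bool checked_size(uint32_t width, uint32_t height, uint32_t bpp,
                         uint64_t max_bytes, uint64_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return false;
    uint64_t pixels = (uint64_t)width * height; /* cannot wrap: both < 2^32 */
    if (pixels > max_bytes / bpp)               /* pixels * bpp would exceed cap */
        return false;
    *out = pixels * bpp;
    return true;
}

int main(void)
{
    /* Constructed dimensions, not taken from any real file. */
    uint32_t w = 65537, h = 65536, bpp = 4;
    uint64_t size = 0;

    printf("true size needed : %" PRIu64 " bytes\n", (uint64_t)w * h * bpp);
    printf("unchecked result : %" PRIu32 " bytes\n", unchecked_size(w, h, bpp));
    if (!checked_size(w, h, bpp, MAX_IMAGE_BYTES, &size))
        printf("checked result   : rejected before allocation\n");
    if (checked_size(1920, 1080, 4, MAX_IMAGE_BYTES, &size))
        printf("1920x1080x4      : %" PRIu64 " bytes accepted\n", size);
    return 0;
}
```

The same check is what "recompiling with added bounds checking" amounts to for this class of bug: validate the size computation before the allocation, not the writes after it.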
Potential Impact
For European organizations, the impact of CVE-2025-6035 depends largely on their use of Red Hat Enterprise Linux 6 and GIMP, particularly the Despeckle plug-in. Organizations that process untrusted image files locally or in automated pipelines (e.g., media companies, graphic design firms, or government agencies handling image data) could be vulnerable to denial of service or code execution attacks if an attacker can supply malicious images. The local attack vector and requirement for low privileges reduce the risk of remote exploitation but do not eliminate it in environments where users can be tricked into opening malicious files or where untrusted files are processed automatically. The potential for arbitrary code execution elevates the risk to system integrity and availability, which could disrupt critical services or lead to further compromise. Given that Red Hat Enterprise Linux 6 is an older platform, organizations still running it may face increased risk due to limited vendor support and patch availability. The vulnerability could also affect supply chains or third-party service providers using affected systems, indirectly impacting European organizations.
Mitigation Recommendations
European organizations should prioritize upgrading from Red Hat Enterprise Linux 6 to a more recent, supported version of the operating system where possible, as this will likely include updated GIMP packages without the vulnerability. In environments where upgrading is not immediately feasible, organizations should restrict access to systems running RHEL 6 with GIMP installed, especially limiting the ability of unprivileged users to execute or open untrusted image files. Implement strict file validation and scanning for image files before processing them with GIMP or related tools. Employ application whitelisting and sandboxing techniques to isolate GIMP processes and limit the impact of potential exploitation. Monitoring for unusual application crashes or heap corruption symptoms can help detect exploitation attempts. Finally, stay alert for official patches or updates from Red Hat and apply them promptly once available. If custom builds of GIMP are used, recompiling with added bounds checking or memory safety features can reduce risk.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-06-12T16:52:13.150Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 684c4501a8c921274380a39f
Added to database: 6/13/2025, 3:34:25 PM
Last enriched: 8/4/2025, 12:36:06 AM
Last updated: 8/10/2025, 12:33:54 AM