Windows GDI EMF/EMF+ memory corruption flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
Three Windows GDI flaws in GdiPlus.dll and gdi32full.dll can enable remote code execution and information disclosure, and Microsoft has already shipped fixes for CVE-2025-30388, CVE-2025-53766, and CVE-2025-47984. The weaknesses stem from malformed EMF/EMF+ records that trigger memory corruption during image rendering and print-related processing. Researchers uncovered the issues through a fuzzing campaign targeting EMF formats.
Timeline
-
03.11.2025 18:00 2 articles · 6mo ago
Microsoft fixes Windows GDI memory corruption flaws
Initial DisclosureMicrosoft released fixes for three previously unknown Windows Graphics Device Interface (GDI) vulnerabilities in GdiPlus.dll and gdi32full.dll that can enable remote code execution and information disclosure through malformed EMF and EMF+ records. Check Point Research linked the flaws to a fuzzing campaign against EMF formats and identified CVE-2025-30388, CVE-2025-53766 and CVE-2025-47984; mitigations arrived through KB5058411, KB5062553 and KB5063878, and the affected builds include GdiPlus.dll 10.0.26100.3037 through 10.0.26100.4946 and gdi32full.dll 10.0.26100.4652.
Show sources
- New GDI Flaws Could Enable Remote Code Execution in Windows — www.infosecurity-magazine.com — 03.11.2025 18:00
- New GDI Flaws Could Enable Remote Code Execution in Windows — www.infosecurity-magazine.com — 03.11.2025 18:00