A number of vulnerabilities in Microsoft’s Graphics Machine Interface (GDI), a core part of the Home windows working system chargeable for rendering graphics.
These flaws, found by Test Level by way of an intensive fuzzing marketing campaign concentrating on Enhanced Metafile (EMF) codecs, might allow distant attackers to execute arbitrary code or steal delicate knowledge.
The problems have been responsibly disclosed to Microsoft and patched throughout a number of Patch Tuesday updates in 2025, however they underscore ongoing dangers in legacy graphics processing.
The vulnerabilities stem from improper dealing with of EMF+ information, that are utilized in paperwork and pictures processed by purposes like Microsoft Workplace and net browsers.
Attackers might exploit them by tricking customers into opening malicious recordsdata, comparable to rigged Phrase paperwork or picture thumbnails, probably resulting in full system compromise with out person interplay.
Test Level’s evaluation, detailed in a current weblog publish, emphasizes how these bugs arose from invalid rectangle objects, buffer overflows, and incomplete prior fixes, highlighting the challenges of securing deeply embedded system libraries.
Home windows Graphics Vulnerabilities
CVE-2025-30388, rated Necessary with a CVSS rating of 8.8, includes out-of-bounds reminiscence operations in the course of the processing of information like EmfPlusDrawString and EmfPlusFillRects.
Triggered by malformed EmfPlusSetTSClip information, it permits attackers to learn or write past allotted heap buffers, probably leaking knowledge or enabling code execution.
This flaw impacts Home windows 10 and 11, in addition to Workplace for Mac and Android, and Microsoft deems it “Exploitation Extra Probably” resulting from its accessibility through widespread file codecs.
Essentially the most extreme, CVE-2025-53766 (Essential, CVSS 9.8), permits distant code execution by way of out-of-bounds writes within the ScanOperation::AlphaDivide_sRGB perform.
By crafting EmfPlusDrawRects information with outsized rectangles, attackers can overflow scan-line buffers in bitmap rendering, bypassing boundaries in thumbnail era. No privileges are required, making it very best for network-based assaults on providers parsing EMF recordsdata.
CVE-2025-47984 (Necessary, CVSS 7.5), an data disclosure bug, exploits a lingering flaw in EMR_STARTDOC file dealing with, tied to an incomplete repair for CVE-2022-35837.
It causes over-reads in string size calculations, exposing adjoining heap reminiscence. Categorized as a safety mechanism failure (CWE-693), this might support additional assaults by revealing system secrets and techniques.
CVE IDSeverityCVSS v3.1 ScoreAffected ProductsImpactPatch KBCVE-2025-30388Important8.8Windows 10/11, Workplace (Mac/Android)RCE, Information DisclosureKB5058411 (Might)CVE-2025-53766Critical9.8Windows 10/11Remote Code ExecutionKB5063878 (Aug)CVE-2025-47984Important7.5Windows 10/11Information DisclosureKB5062553 (Jul)
Mitigations
Microsoft addressed these in GdiPlus.dll and gdi32full.dll updates, including validations for rectangles, scan-lines, and offsets to stop overflows. Customers ought to apply patches instantly and allow automated updates.
Test Level recommends disabling EMF rendering in untrusted contexts, utilizing sandboxed viewers for paperwork, and monitoring for anomalous graphics processing.
These discoveries, a part of a fuzzing effort on Home windows kernel graphics, reveal how refined errors in file parsing can evade detection for years. As distant work and cloud providers proliferate, such vulnerabilities pose escalating threats to enterprises.
Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.
