Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
The bug is a heap-based buffer overflow (CWE-122) in the Windows GDI+ library. An attacker sends specially crafted data over the network that causes data to be written beyond the reserved memory area. This can enable overwriting control structures in the process memory and consequently redirect code execution to a malicious payload. The attack requires no authentication or any user interaction.
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code remotely (RCE) in the context of the process handling GDI+, which can lead to complete system compromise, loss of confidentiality, integrity, and availability of data.
Patches available from the vendor should be applied immediately in accordance with references published in the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53766
Microsoft Windows 11 22H2, Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Windows Server 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Office
APPMicrosoft< 16.0.14326.22618< 16.0.19127.20000Microsoft Windows 10 1507
OSMicrosoft< 10.0.10240.21100Microsoft Windows 10 1607
OSMicrosoft< 10.0.14393.8330Microsoft Windows 10 1809
OSMicrosoft< 10.0.17763.7678Microsoft Windows 10 21h2
OSMicrosoft< 10.0.19044.6216Microsoft Windows 10 22h2
OSMicrosoft< 10.0.19045.6216Microsoft Windows 11 22h2
OSMicrosoft< 10.0.22621.5768Microsoft Windows 11 23h2
OSMicrosoft< 10.0.22631.5768Microsoft Windows 11 24h2
OSMicrosoft< 10.0.26100.4851Microsoft Windows Server 2008
OSMicrosoftr2Microsoft Windows Server 2012
OSMicrosoftr2Microsoft Windows Server 2016
OSMicrosoft< 10.0.14393.8330Microsoft Windows Server 2019
OSMicrosoft< 10.0.17763.7678Microsoft Windows Server 2022
OSMicrosoft< 10.0.20348.3989Microsoft Windows Server 2022 23h2
OSMicrosoft< 10.0.25398.1791Microsoft Windows Server 2025
OSMicrosoft< 10.0.26100.4851
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
Microsoft Outlook Elevation of Privilege Vulnerability
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...