CVE-2026-59089: Integer Overflow or Wraparound in Red Hat Red Hat Enterprise Linux 6
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.
AI Analysis
Technical Summary
The vulnerability in Red Hat Enterprise Linux 6 involves an integer overflow in the GIMP PlayStation TIM loader component. Specifically, the calculation of the Color Look-Up Table size multiplies num_colors and num_cluts, both 16-bit unsigned short integers, which can overflow and lead to incorrect size computation. This results in undefined behavior causing the GIMP plug-in to abort and leads to a denial of service condition when processing specially crafted image files.
Potential Impact
An attacker can cause a denial of service by supplying a maliciously crafted PlayStation TIM image file that triggers the integer overflow in the CLUT size calculation. This causes the GIMP plug-in to abort unexpectedly. There is no indication of confidentiality or integrity impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-59089 for current remediation guidance. Until a fix is available, avoid processing untrusted PlayStation TIM image files with GIMP on affected systems.
CVE-2026-59089: Integer Overflow or Wraparound in Red Hat Red Hat Enterprise Linux 6
Description
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.
CVSS v3.1
Score 5.5medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in Red Hat Enterprise Linux 6 involves an integer overflow in the GIMP PlayStation TIM loader component. Specifically, the calculation of the Color Look-Up Table size multiplies num_colors and num_cluts, both 16-bit unsigned short integers, which can overflow and lead to incorrect size computation. This results in undefined behavior causing the GIMP plug-in to abort and leads to a denial of service condition when processing specially crafted image files.
Potential Impact
An attacker can cause a denial of service by supplying a maliciously crafted PlayStation TIM image file that triggers the integer overflow in the CLUT size calculation. This causes the GIMP plug-in to abort unexpectedly. There is no indication of confidentiality or integrity impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-59089 for current remediation guidance. Until a fix is available, avoid processing untrusted PlayStation TIM image files with GIMP on affected systems.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-07-02T15:11:12.820Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-59089","vendor":"Red Hat"}]
Threat ID: 6a4c076a27e9c7971920cc2f
Added to database: 07/06/2026, 19:52:10 UTC
Last enriched: 07/06/2026, 20:06:27 UTC
Last updated: 07/06/2026, 20:37:14 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.