Red Hat Security Advisory: gimp security update
Multiple security vulnerabilities have been identified in GIMP (GNU Image Manipulation Program) as packaged in Red Hat Enterprise Linux 9. These include memory disclosure, denial of service, and several remote code execution flaws triggered by specially crafted image files in PCX, XPM, ANI, JP2, PSD, and PSP formats. The vulnerabilities are rated as having an important security impact by Red Hat. An update addressing these issues is available for affected Red Hat Enterprise Linux 9 versions and architectures.
AI Analysis
Technical Summary
This Red Hat security advisory addresses six vulnerabilities in GIMP related to image file parsing. The issues include a memory disclosure and denial of service via a crafted PCX image (CVE-2026-4887), and multiple remote code execution vulnerabilities caused by integer overflows or malicious parsing in XPM (CVE-2026-4154), ANI (CVE-2026-4151), JP2 (CVE-2026-4152), PSD (CVE-2026-4150), and PSP (CVE-2026-4153) image formats. These flaws could allow an attacker to execute arbitrary code or cause denial of service when processing specially crafted image files. The advisory covers Red Hat Enterprise Linux 9 packages for multiple architectures. Red Hat has released updated packages to fix these vulnerabilities.
Potential Impact
Successful exploitation of these vulnerabilities could lead to arbitrary code execution or denial of service on systems running vulnerable versions of GIMP. This could compromise system integrity and availability. The vulnerabilities affect multiple image parsing components, increasing the attack surface. No known exploits in the wild have been reported at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated GIMP packages for Red Hat Enterprise Linux 9 that address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory (RHSA-2026:19362) to remediate the issues. Patch status is confirmed as fixed by Red Hat. No additional vendor mitigation instructions are provided.
Red Hat Security Advisory: gimp security update
Description
Multiple security vulnerabilities have been identified in GIMP (GNU Image Manipulation Program) as packaged in Red Hat Enterprise Linux 9. These include memory disclosure, denial of service, and several remote code execution flaws triggered by specially crafted image files in PCX, XPM, ANI, JP2, PSD, and PSP formats. The vulnerabilities are rated as having an important security impact by Red Hat. An update addressing these issues is available for affected Red Hat Enterprise Linux 9 versions and architectures.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This Red Hat security advisory addresses six vulnerabilities in GIMP related to image file parsing. The issues include a memory disclosure and denial of service via a crafted PCX image (CVE-2026-4887), and multiple remote code execution vulnerabilities caused by integer overflows or malicious parsing in XPM (CVE-2026-4154), ANI (CVE-2026-4151), JP2 (CVE-2026-4152), PSD (CVE-2026-4150), and PSP (CVE-2026-4153) image formats. These flaws could allow an attacker to execute arbitrary code or cause denial of service when processing specially crafted image files. The advisory covers Red Hat Enterprise Linux 9 packages for multiple architectures. Red Hat has released updated packages to fix these vulnerabilities.
Potential Impact
Successful exploitation of these vulnerabilities could lead to arbitrary code execution or denial of service on systems running vulnerable versions of GIMP. This could compromise system integrity and availability. The vulnerabilities affect multiple image parsing components, increasing the attack surface. No known exploits in the wild have been reported at the time of the advisory.
Mitigation Recommendations
Red Hat has released updated GIMP packages for Red Hat Enterprise Linux 9 that address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory (RHSA-2026:19362) to remediate the issues. Patch status is confirmed as fixed by Red Hat. No additional vendor mitigation instructions are provided.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:19362
- Cve Count
- 6
- Additional Cves
- ["CVE-2026-4151","CVE-2026-4152","CVE-2026-4153","CVE-2026-4154","CVE-2026-4887"]
- Cvss Version
- null
Threat ID: 6a160977e29bf47b50642618
Added to database: 5/26/2026, 8:58:31 PM
Last enriched: 5/26/2026, 11:35:44 PM
Last updated: 5/27/2026, 4:55:16 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.