The GIMP image editing program in Red Hat Enterprise Linux 8.4 contains multiple vulnerabilities involving memory disclosure, denial of service, and remote code execution triggered by parsing specially crafted PCX, XPM, PSD, and PSP image files. These vulnerabilities are tracked under CVE-2026-4887, CVE-2026-4154, CVE-2026-4150, and CVE-2026-4153. Red Hat Product Security has released an important security advisory (RHSA-2026:20552) providing updated GIMP packages to remediate these issues. The vulnerabilities stem from integer overflows and improper handling of image file formats, potentially allowing arbitrary code execution or denial of service. The advisory applies to Red Hat Enterprise Linux 8.4 Extended Update Support and Advanced Update Support variants. No CVSS scores are provided in the advisory, and no active exploitation has been reported.

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the affected system or cause a denial of service by crashing the GIMP application. Memory disclosure could also expose sensitive information. The impact is rated as high by Red Hat Product Security. However, no known exploits in the wild have been reported.

Red Hat has released updated GIMP packages addressing these vulnerabilities as part of RHSA-2026:20552. Users of affected Red Hat Enterprise Linux 8.4 variants should apply the security update promptly to remediate these issues. Detailed instructions and updated packages are available from the Red Hat advisory page: https://access.redhat.com/articles/11258. There is no indication that additional mitigation steps are required beyond applying the official update.