Skip to main content

GIMP CVE-2026-59089

| EUVDEUVD-2026-41913 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-07-06 redhat GHSA-7v2w-74r7-8rq2
5.5
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

File-based local attack requires user to open the crafted TIM file (UI:R, AV:L); no privileges needed; impact is availability-only crash with no scope change.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 06, 2026 - 20:14 vuln.today
CVE Published
Jul 06, 2026 - 19:38 cve.org
MEDIUM 5.5

DescriptionCVE.org

A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.

AnalysisAI

Integer overflow in GIMP's PlayStation TIM image loader crashes the plug-in when processing a maliciously crafted TIM file, resulting in denial of service. The flaw affects GIMP as packaged on Red Hat Enterprise Linux 6 through 9, where the TIM loader multiplies two 16-bit unsigned short values (num_colors × num_cluts) without bounds checking, producing a 32-bit overflow that corrupts CLUT size calculation and triggers an abort. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious TIM file with overflow values
Delivery
Deliver file via email or download
Exploit
Victim opens file in GIMP
Execution
TIM loader performs overflowing CLUT multiplication
Persist
Undefined behavior triggers plug-in abort
Impact
GIMP session disrupted (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires the target user to actively open a specially crafted PlayStation TIM image file within GIMP - the GIMP TIM loader plug-in must be present and enabled (default on RHEL GIMP packages). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is moderate-to-low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a PlayStation TIM image file with num_colors and num_cluts values chosen to trigger the 16-bit multiplication overflow - for example, 256 × 257 = 65,792, which truncates when stored in a 16-bit result - causing GIMP to allocate an undersized CLUT buffer. The attacker delivers this file to a target user via email attachment, shared drive, or web download, and persuades them to open it in GIMP. …
Remediation No vendor-released patch has been identified at time of analysis - the GNOME GitLab reference (https://gitlab.gnome.org/GNOME/gimp/-/work_items/16493) is a work item, not a closed merge request or tagged release, and no fixed version number appears in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

CVE-2026-42013 HIGH
8.2 May 26

Here is the multi-source synthesis as a single JSON object: ```json { "product_name": "GnuTLS", "summary": "Certifi

CVE-2026-14476 HIGH
8.0 Jul 07

Privilege escalation to root and Kerberos-based authentication bypass in SSSD's Active Directory GPO provider affects Re

CVE-2026-58384 HIGH
7.8 Jul 07

Heap memory corruption in GIMP's PSD (Photoshop) file parser allows a malicious .psd image to overflow an integer in rea

CVE-2026-58380 HIGH
7.8 Jul 06

Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a v

Share

CVE-2026-59089 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy