Red Hat Product Errata

RHSA-2026:19362 - Security Advisory

Issued: 2026-05-19
Updated: 2026-05-19

Synopsis

Important: gimp security update

Type/Severity

Security Advisory: Important

Topic

An update for gimp is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image (CVE-2026-4887)
gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow (CVE-2026-4154)
gimp: GIMP: Remote Code Execution via ANI File Parsing Integer Overflow (CVE-2026-4151)
gimp: GIMP: Remote Code Execution via malicious JP2 file parsing (CVE-2026-4152)
GIMP: GIMP: Arbitrary code execution via specially crafted PSD file (CVE-2026-4150)
gimp: GIMP: Remote Code Execution via PSP file parsing (CVE-2026-4153)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le

Fixes

BZ - 2451669 - CVE-2026-4887 gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image
BZ - 2457530 - CVE-2026-4154 gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow
BZ - 2457532 - CVE-2026-4151 gimp: GIMP: Remote Code Execution via ANI File Parsing Integer Overflow
BZ - 2457533 - CVE-2026-4152 gimp: GIMP: Remote Code Execution via malicious JP2 file parsing
BZ - 2457535 - CVE-2026-4150 GIMP: GIMP: Arbitrary code execution via specially crafted PSD file
BZ - 2457536 - CVE-2026-4153 gimp: GIMP: Remote Code Execution via PSP file parsing

CVEs

CVE-2026-4150
CVE-2026-4151
CVE-2026-4152
CVE-2026-4153
CVE-2026-4154
CVE-2026-4887

References

https://access.redhat.com/security/updates/classification/#important

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 9

SRPM
gimp-3.0.4-4.el9_8.4.src.rpm
x86_64
gimp-3.0.4-4.el9_8.4.x86_64.rpm
gimp-debuginfo-3.0.4-4.el9_8.4.i686.rpm
gimp-debuginfo-3.0.4-4.el9_8.4.x86_64.rpm
gimp-debugsource-3.0.4-4.el9_8.4.i686.rpm
gimp-debugsource-3.0.4-4.el9_8.4.x86_64.rpm
gimp-devel-tools-debuginfo-3.0.4-4.el9_8.4.i686.rpm
gimp-devel-tools-debuginfo-3.0.4-4.el9_8.4.x86_64.rpm
gimp-libs-3.0.4-4.el9_8.4.i686.rpm
gimp-libs-3.0.4-4.el9_8.4.x86_64.rpm
gimp-libs-debuginfo-3.0.4-4.el9_8.4.i686.rpm
gimp-libs-debuginfo-3.0.4-4.el9_8.4.x86_64.rpm

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8

SRPM
gimp-3.0.4-4.el9_8.4.src.rpm
x86_64
gimp-3.0.4-4.el9_8.4.x86_64.rpm
gimp-debuginfo-3.0.4-4.el9_8.4.i686.rpm
gimp-debuginfo-3.0.4-4.el9_8.4.x86_64.rpm
gimp-debugsource-3.0.4-4.el9_8.4.i686.rpm
gimp-debugsource-3.0.4-4.el9_8.4.x86_64.rpm
gimp-devel-tools-debuginfo-3.0.4-4.el9_8.4.i686.rpm
gimp-devel-tools-debuginfo-3.0.4-4.el9_8.4.x86_64.rpm
gimp-libs-3.0.4-4.el9_8.4.i686.rpm
gimp-libs-3.0.4-4.el9_8.4.x86_64.rpm
gimp-libs-debuginfo-3.0.4-4.el9_8.4.i686.rpm
gimp-libs-debuginfo-3.0.4-4.el9_8.4.x86_64.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM
gimp-3.0.4-4.el9_8.4.src.rpm
ppc64le
gimp-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-debuginfo-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-debugsource-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-devel-tools-debuginfo-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-libs-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-libs-debuginfo-3.0.4-4.el9_8.4.ppc64le.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8

SRPM
gimp-3.0.4-4.el9_8.4.src.rpm
ppc64le
gimp-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-debuginfo-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-debugsource-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-devel-tools-debuginfo-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-libs-3.0.4-4.el9_8.4.ppc64le.rpm
gimp-libs-debuginfo-3.0.4-4.el9_8.4.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM
gimp-3.0.4-4.el9_8.4.src.rpm
aarch64
gimp-3.0.4-4.el9_8.4.aarch64.rpm
gimp-debuginfo-3.0.4-4.el9_8.4.aarch64.rpm
gimp-debugsource-3.0.4-4.el9_8.4.aarch64.rpm
gimp-devel-tools-debuginfo-3.0.4-4.el9_8.4.aarch64.rpm
gimp-libs-3.0.4-4.el9_8.4.aarch64.rpm
gimp-libs-debuginfo-3.0.4-4.el9_8.4.aarch64.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8

SRPM
gimp-3.0.4-4.el9_8.4.src.rpm
aarch64
gimp-3.0.4-4.el9_8.4.aarch64.rpm
gimp-debuginfo-3.0.4-4.el9_8.4.aarch64.rpm
gimp-debugsource-3.0.4-4.el9_8.4.aarch64.rpm
gimp-devel-tools-debuginfo-3.0.4-4.el9_8.4.aarch64.rpm
gimp-libs-3.0.4-4.el9_8.4.aarch64.rpm
gimp-libs-debuginfo-3.0.4-4.el9_8.4.aarch64.rpm

This security update addresses multiple critical vulnerabilities in GIMP, including remote code execution via specially crafted image files (XPM, ANI, JP2, PSP, PSD) and memory disclosure and denial of service via PCX files. The CVSS scores for the listed CVEs range from 6.1 to 7.8. For CVE-2026-4887, the affected version is GIMP prior to 3.2.0, and the fixed version is 3.2.0.