[ALSA-2026:19362] Important: gimp security update
Type:
security
Severity:
important
Release date:
2026-07-02
Description:
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fix(es): * gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image (CVE-2026-4887) * gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow (CVE-2026-4154) * gimp: GIMP: Remote Code Execution via ANI File Parsing Integer Overflow (CVE-2026-4151) * gimp: GIMP: Remote Code Execution via malicious JP2 file parsing (CVE-2026-4152) * GIMP: GIMP: Arbitrary code execution via specially crafted PSD file (CVE-2026-4150) * gimp: GIMP: Remote Code Execution via PSP file parsing (CVE-2026-4153) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 gimp-libs-3.0.4-4.el9_8.4.aarch64.rpm 060ae43e36d54cf9e912846da8f5c31774ea684229b5fff5838f7d670bb47340
aarch64 gimp-3.0.4-4.el9_8.4.aarch64.rpm fc9497d1bccd9d89e8dafb9baa6f5eb8632193635d30fa073313bf17f24b32f7
i686 gimp-libs-3.0.4-4.el9_8.4.i686.rpm 47e24efe2d49ee0d2a1a443ade0a0c345e4b4c0780ff32302ef5cb1f8abb1217
ppc64le gimp-3.0.4-4.el9_8.4.ppc64le.rpm 54645bab9b5a40e4942df07b7ff6124ef88b2432a76785fe35558e9c6accfd26
ppc64le gimp-libs-3.0.4-4.el9_8.4.ppc64le.rpm dc0109bc07efba1d962203f349a7b5cdd5f39b5c91416b48bebd6f9dc0ef0c25
x86_64 gimp-3.0.4-4.el9_8.4.x86_64.rpm 19c5e1ab5e92726957549c661bf682c291e9ba707e4ec1d9cd1dc4aaa0c04449
x86_64 gimp-libs-3.0.4-4.el9_8.4.x86_64.rpm ed6a5175fd31ae951390159a38dbad47623599227081feb80e9aac314d70f2e7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.