Impact
The flaw is a heap buffer overflow in GIMP’s Paint Shop Pro (PSP) file parser. When the program processes a crafted low‑bit‑depth PSP image it incorrectly calculates buffer sizes, leading to an overwrite of adjacent memory. This can give an attacker the ability to run arbitrary code or trigger a denial of service. The vulnerability is exercised through user interaction, requiring the opening of a malicious image file.
Affected Systems
The vulnerability affects the Red Hat Enterprise Linux releases 6, 7, 8, and 9 because GIMP is supplied as a package in those distributions. No further product or version details are provided in the CNA data, but the issue applies to the GIMP instances bundled with these operating systems.
Risk and Exploitability
The CVSS score of 7.3 indicates a moderate to high severity. The EPSS score of < 1% indicates a low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog, suggesting it is not widely exploited as of now. The likely attack vector is user‑based; a remote attacker must entice an end‑user to open a malicious PSP file, a form of social engineering or remote file execution via user action. When the file is opened, the buffer overflow can lead to arbitrary code execution or a crash.
OpenCVE Enrichment