Impact
A flaw in GIMP’s PlayStation TIM loader allows an attacker to supply a specially crafted image file that triggers an integer overflow when calculating the size of a Color Look‑Up Table. The overflow causes the plug‑in to abort, leading to an application crash and a denial of service. The vulnerability is a classic arithmetic overflow problem (CWE‑190).
Affected Systems
The issue affects Red Hat Enterprise Linux versions 6, 7, 8, and 9 that ship with the vulnerable GIMP package. All users running the default GIMP distribution on these operating systems are potentially exposed.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate risk, and the EPSS score of < 1% indicates a very low but non‑zero exploitation probability, making it unclear how frequently the vulnerability is actively exploited. The attack requires an attacker to supply a malicious image file, typically through social engineering or compromised content, and the victim must run GIMP to trigger the crash. The vulnerability is not listed in the CISA KEV catalogue, but it remains a valid local denial‑of‑service concern for users who regularly open or process PlayStation image files.
OpenCVE Enrichment