Description
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.
Published: 2026-07-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in GIMP’s PlayStation TIM loader allows an attacker to supply a specially crafted image file that triggers an integer overflow when calculating the size of a Color Look‑Up Table. The overflow causes the plug‑in to abort, leading to an application crash and a denial of service. The vulnerability is a classic arithmetic overflow problem (CWE‑190).

Affected Systems

The issue affects Red Hat Enterprise Linux versions 6, 7, 8, and 9 that ship with the vulnerable GIMP package. All users running the default GIMP distribution on these operating systems are potentially exposed.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate risk, and the EPSS score of < 1% indicates a very low but non‑zero exploitation probability, making it unclear how frequently the vulnerability is actively exploited. The attack requires an attacker to supply a malicious image file, typically through social engineering or compromised content, and the victim must run GIMP to trigger the crash. The vulnerability is not listed in the CISA KEV catalogue, but it remains a valid local denial‑of‑service concern for users who regularly open or process PlayStation image files.

Generated by OpenCVE AI on July 10, 2026 at 06:53 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.


OpenCVE Recommended Actions

  • Check the Red Hat errata catalogue for a GIMP update that resolves the integer overflow and apply the package update if available.
  • If no patch is available, configure GIMP to disable the PlayStation TIM loader or block the loading of TIM files from untrusted sources.
  • Apply host‑level sandboxing or containerisation around the GIMP process to limit the impact of a crash on the rest of the system.

Generated by OpenCVE AI on July 10, 2026 at 06:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.
Title Gimp: gimp: denial of service via integer overflow in playstation tim loader
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-190
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-06T19:48:53.313Z

Reserved: 2026-07-02T15:11:12.820Z

Link: CVE-2026-59089

cve-icon Vulnrichment

Updated: 2026-07-06T19:48:38.227Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-15T00:00:00Z

Links: CVE-2026-59089 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-10T07:00:06Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound