A buffer overflow flaw exists in the ReadJeffsImage function of GIMP’s GIF loading component. The vulnerability allows an attacker to write beyond the allocated buffer when parsing a specially crafted GIF file, which can lead to application crashes or, in some configurations, arbitrary code execution. The weakness aligns with CWE‑120, indicating improper bounds checking and memory corruption. Because the overflow occurs in a routine that processes user-supplied files, an attacker who can supply a malicious GIF to a system that runs GIMP can potentially destabilize the application or achieve escalation of privileges.

The flaw affects GIMP installations that are part of Red Hat Enterprise Linux releases 6, 7, 8, and 9. No specific GIMP version numbers are listed in the advisory, so any distribution package containing GIMP on these operating systems is potentially affected. Exact impact may vary depending on whether the vulnerable function is invoked during typical user workflows or server‑side processing.

The CVSS base score of 7.3 classifies this as a high‑severity vulnerability, while the EPSS score is not available, indicating that we lack current data on exploit prevalence. The vulnerability has not been listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no publicly known weaponized exploits as of now. The likely attack vector is local exploitation via crafted GIF files processed by the GIMP application, but if GIMP or its libraries are used in a shared or networked context, remote execution could be possible. No official workaround exists that meets Red Hat security criteria, so the risk remains until a patch or upgrade is deployed.