Red Hat Product Errata RHSA-2026:1587 - Security Advisory
Issued:
2026-01-29
Updated:
2026-01-29

RHSA-2026:1587 - Security Advisory

Synopsis

Important: gimp security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gimp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

  • gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow (CVE-2025-14422)
  • gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow (CVE-2025-14425)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2424766 - CVE-2025-14422 gimp: GIMP: Remote Code Execution via PNM file parsing integer overflow
  • BZ - 2424767 - CVE-2025-14425 gimp: GIMP: Remote Code Execution via JP2 file parsing heap-based buffer overflow

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
gimp-2.99.8-4.el9_2.3.src.rpm SHA-256: 036aedab52f93a8d7cdd5e307911ed185fce4def07121edd649801806bdc4be9
x86_64
gimp-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 7fbb5decab62616998845397e6be09e1b91e3561d73bedd4a12e21d697af61f0
gimp-debuginfo-2.99.8-4.el9_2.3.i686.rpm SHA-256: 65b12811b0babbb4f605265df996a4480c2f4f426592e5e1a47ea5143e302129
gimp-debuginfo-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 50e3b8a169e88a9ad246ba5dbb3f5aa12d3e1b8ba3ff4d7ac39580c21270eed0
gimp-debugsource-2.99.8-4.el9_2.3.i686.rpm SHA-256: 752697c57a9696f78cad66c84acfbcd28756f97211f4414297ecde799f9fd9c7
gimp-debugsource-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 820e0d9eb25d0c4509be7e2095f5bcc0a916a51444f7255d06ccd236bdbb075d
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.3.i686.rpm SHA-256: 4987514709d9addea08a4d6105eaf9f8cab0bcd92c502c5ef78203d097e61e2f
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 2d83d9fa0aa89d5904922f8818f6aa3a7bffeb53922f69514f1739b54ced0056
gimp-libs-2.99.8-4.el9_2.3.i686.rpm SHA-256: c98232def36936808cd578a3adcbd193ca198d1d84b7ffac73911c370a33f747
gimp-libs-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 4328a35c3c13cd05de926c2d2532e23076640afabe77621c709f4b6a1efc8112
gimp-libs-debuginfo-2.99.8-4.el9_2.3.i686.rpm SHA-256: bf5ae94d0d3f8b5f06eef7a64e7959748a5a5dada816c8c1ee4ca75c89a55bb3
gimp-libs-debuginfo-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: cf1f0b2b63c23772edd68da4d1772d66bed3b79cf9b7c8272790096866aeb66c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
gimp-2.99.8-4.el9_2.3.src.rpm SHA-256: 036aedab52f93a8d7cdd5e307911ed185fce4def07121edd649801806bdc4be9
ppc64le
gimp-2.99.8-4.el9_2.3.ppc64le.rpm SHA-256: 4eb58628ffcff4685f9c4a4b6148761d6e4178dbc23fdf9a84c8349f704c175c
gimp-debuginfo-2.99.8-4.el9_2.3.ppc64le.rpm SHA-256: 75a6fec64231c356a8d2c3817a7dd8750b2e079c7b8f292c0c18d4dce902aebf
gimp-debugsource-2.99.8-4.el9_2.3.ppc64le.rpm SHA-256: e9ad9f2ea1d77bb87786b1b74f0ec5099c58e3caa7d08d4fc0df63660c465d75
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.3.ppc64le.rpm SHA-256: b6fea32cd29aae700b2292a212aaead831bc907726c6db61125fc78e6438620e
gimp-libs-2.99.8-4.el9_2.3.ppc64le.rpm SHA-256: 4ffcae942b3bbea4d079522a6bc9cf800537ac91f1d3bf241bda79a5753dcb0d
gimp-libs-debuginfo-2.99.8-4.el9_2.3.ppc64le.rpm SHA-256: 52508fd5f41b0a8b842635943e1af97238b5a881d2125e49dd37dbceb9a644dc

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
gimp-2.99.8-4.el9_2.3.src.rpm SHA-256: 036aedab52f93a8d7cdd5e307911ed185fce4def07121edd649801806bdc4be9
x86_64
gimp-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 7fbb5decab62616998845397e6be09e1b91e3561d73bedd4a12e21d697af61f0
gimp-debuginfo-2.99.8-4.el9_2.3.i686.rpm SHA-256: 65b12811b0babbb4f605265df996a4480c2f4f426592e5e1a47ea5143e302129
gimp-debuginfo-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 50e3b8a169e88a9ad246ba5dbb3f5aa12d3e1b8ba3ff4d7ac39580c21270eed0
gimp-debugsource-2.99.8-4.el9_2.3.i686.rpm SHA-256: 752697c57a9696f78cad66c84acfbcd28756f97211f4414297ecde799f9fd9c7
gimp-debugsource-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 820e0d9eb25d0c4509be7e2095f5bcc0a916a51444f7255d06ccd236bdbb075d
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.3.i686.rpm SHA-256: 4987514709d9addea08a4d6105eaf9f8cab0bcd92c502c5ef78203d097e61e2f
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 2d83d9fa0aa89d5904922f8818f6aa3a7bffeb53922f69514f1739b54ced0056
gimp-libs-2.99.8-4.el9_2.3.i686.rpm SHA-256: c98232def36936808cd578a3adcbd193ca198d1d84b7ffac73911c370a33f747
gimp-libs-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: 4328a35c3c13cd05de926c2d2532e23076640afabe77621c709f4b6a1efc8112
gimp-libs-debuginfo-2.99.8-4.el9_2.3.i686.rpm SHA-256: bf5ae94d0d3f8b5f06eef7a64e7959748a5a5dada816c8c1ee4ca75c89a55bb3
gimp-libs-debuginfo-2.99.8-4.el9_2.3.x86_64.rpm SHA-256: cf1f0b2b63c23772edd68da4d1772d66bed3b79cf9b7c8272790096866aeb66c

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
gimp-2.99.8-4.el9_2.3.src.rpm SHA-256: 036aedab52f93a8d7cdd5e307911ed185fce4def07121edd649801806bdc4be9
aarch64
gimp-2.99.8-4.el9_2.3.aarch64.rpm SHA-256: 08c98a0a4b11e9e8a954ba3b683deede65bdecc9018731926e5a32cf103c2383
gimp-debuginfo-2.99.8-4.el9_2.3.aarch64.rpm SHA-256: e4bb2bc949ad0f44b56019211219520599ab371d940618284a82779e02b2cb5d
gimp-debugsource-2.99.8-4.el9_2.3.aarch64.rpm SHA-256: 397f30f38928a12293d408ada2720db2fa40443596b5d7eb29d3848b861b5cf3
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.3.aarch64.rpm SHA-256: ce7eb55bc294ad87f74893fa2ad2da26a59f6d7d16eb21d99a0792d9d05d29b7
gimp-libs-2.99.8-4.el9_2.3.aarch64.rpm SHA-256: 97c6f610ccaa75a8a88e08d40fc4824ff3a0d05bb39bf5548c593b1bcb2151a8
gimp-libs-debuginfo-2.99.8-4.el9_2.3.aarch64.rpm SHA-256: 209fac2ac5d3f3fbda90f11e895203f44de0adac5f3e7f9a42d4420c49581507

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
gimp-2.99.8-4.el9_2.3.src.rpm SHA-256: 036aedab52f93a8d7cdd5e307911ed185fce4def07121edd649801806bdc4be9
s390x
gimp-2.99.8-4.el9_2.3.s390x.rpm SHA-256: a10f6a7e8abb7eea662cd10f34d78336bfe652d84ea5e9fae6976065616f5d48
gimp-debuginfo-2.99.8-4.el9_2.3.s390x.rpm SHA-256: 5148fb3f5e7361f34ed09ca44f5add7fbf65e3372f88b284c1028d11be0f5f74
gimp-debugsource-2.99.8-4.el9_2.3.s390x.rpm SHA-256: 4a7dcb9b8682a62030a57a2267578d979fef586942ef07b6dbdce7c57fd330df
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.3.s390x.rpm SHA-256: 4177ad663bba04136223848938404720ccfb03e447fdc4f5bfa409e73421e8fd
gimp-libs-2.99.8-4.el9_2.3.s390x.rpm SHA-256: a20f6d0aecd77b1e47b40da04d90cf6a314a0b31e95e40510c8487412811627a
gimp-libs-debuginfo-2.99.8-4.el9_2.3.s390x.rpm SHA-256: 01517e4d93bfa14c518e3df20d3b4ede37059c38568a46b24e2fe26001d814fc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.