Red Hat Product Errata RHSA-2026:25899 - Security Advisory
Issued:
2026-06-15
Updated:
2026-06-15

RHSA-2026:25899 - Security Advisory

Synopsis

Important: gimp security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gimp is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

  • gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image (CVE-2026-4887)
  • gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow (CVE-2026-4154)
  • gimp: GIMP: Remote Code Execution via malicious JP2 file parsing (CVE-2026-4152)
  • GIMP: GIMP: Arbitrary code execution via specially crafted PSD file (CVE-2026-4150)
  • gimp: GIMP: Remote Code Execution via PSP file parsing (CVE-2026-4153)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x

Fixes

  • BZ - 2451669 - CVE-2026-4887 gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image
  • BZ - 2457530 - CVE-2026-4154 gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow
  • BZ - 2457533 - CVE-2026-4152 gimp: GIMP: Remote Code Execution via malicious JP2 file parsing
  • BZ - 2457535 - CVE-2026-4150 GIMP: GIMP: Arbitrary code execution via specially crafted PSD file
  • BZ - 2457536 - CVE-2026-4153 gimp: GIMP: Remote Code Execution via PSP file parsing

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
gimp-2.99.8-4.el9_2.6.src.rpm SHA-256: 0f5722fdd5ac25f58eff049ec3a7e052b30d9500641a6b69a32ec97469127878
x86_64
gimp-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: d4f2f1334221473f94dc39e291a58539c9496950cd1e3c1492b4df68c96e9962
gimp-debuginfo-2.99.8-4.el9_2.6.i686.rpm SHA-256: 6f4724be03d43c195798acffcea6bfe51738b3de18ade44987b5f877ce7142af
gimp-debuginfo-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 52118af06e15d866ef09218a608d82f19a61c4ddf091f842755b31e12438d789
gimp-debugsource-2.99.8-4.el9_2.6.i686.rpm SHA-256: fdca322402013ba3a620f3cd7b5a3abfd6c101cea75cebbca17213c3bd737e30
gimp-debugsource-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 10369b446216c9e603fa7b7b75a9a2c7fa3f4f06c17273ef30d1fe31b28448f8
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.i686.rpm SHA-256: 3d60e7cac64dfa35e0d94cce4ba57dbdf26ce201b59ca0cf313fc7374485e0c7
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: c94fb45001012ef9b18b31c55a97655431a0200eb8f43f9cf715c98a998c9bcc
gimp-libs-2.99.8-4.el9_2.6.i686.rpm SHA-256: 2e460073d97cbaa15cfeea40ce1d29ae42cad5238387cc0b9348f1922d194f9e
gimp-libs-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 375e1c6897b58002d20895f44de2c8e332f1d44309fe17b5827bf327297ba762
gimp-libs-debuginfo-2.99.8-4.el9_2.6.i686.rpm SHA-256: 31ac86f2a50e19d7be94150d62538af2d49b2805776e4c98326bddba86dddc43
gimp-libs-debuginfo-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 55e582ad76008baf63e80be014498719123d668d9c9d07cd8cae4b1a97cd3539

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
gimp-2.99.8-4.el9_2.6.src.rpm SHA-256: 0f5722fdd5ac25f58eff049ec3a7e052b30d9500641a6b69a32ec97469127878
ppc64le
gimp-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: 48bdb889769537ea0c8061c9d160196497fa06332cb40a481e1f3bf613a1fb5f
gimp-debuginfo-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: bb0b63893ca204895e0316063cc8de8ad9fc209636f7d2ca3b80e58b1f3e60c2
gimp-debugsource-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: 3e18f17c5dae0dea8a051d97a96ab75e85e4feba103bb16c7603daac78f09bd8
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: af709d2797ffa959485ed720eb5e5d1bb3cf56181e2fca19cc9f7167f410d8c3
gimp-libs-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: 5144707164d6fda358aa68f17ab361de4734e8bde0401fa77bb032aba9c2544b
gimp-libs-debuginfo-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: 1ab7f3f099d228dc0b3067d444bdf5cb2ada8c34d1ddd2a11d346b9ca40cb384

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
gimp-2.99.8-4.el9_2.6.src.rpm SHA-256: 0f5722fdd5ac25f58eff049ec3a7e052b30d9500641a6b69a32ec97469127878
x86_64
gimp-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: d4f2f1334221473f94dc39e291a58539c9496950cd1e3c1492b4df68c96e9962
gimp-debuginfo-2.99.8-4.el9_2.6.i686.rpm SHA-256: 6f4724be03d43c195798acffcea6bfe51738b3de18ade44987b5f877ce7142af
gimp-debuginfo-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 52118af06e15d866ef09218a608d82f19a61c4ddf091f842755b31e12438d789
gimp-debugsource-2.99.8-4.el9_2.6.i686.rpm SHA-256: fdca322402013ba3a620f3cd7b5a3abfd6c101cea75cebbca17213c3bd737e30
gimp-debugsource-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 10369b446216c9e603fa7b7b75a9a2c7fa3f4f06c17273ef30d1fe31b28448f8
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.i686.rpm SHA-256: 3d60e7cac64dfa35e0d94cce4ba57dbdf26ce201b59ca0cf313fc7374485e0c7
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: c94fb45001012ef9b18b31c55a97655431a0200eb8f43f9cf715c98a998c9bcc
gimp-libs-2.99.8-4.el9_2.6.i686.rpm SHA-256: 2e460073d97cbaa15cfeea40ce1d29ae42cad5238387cc0b9348f1922d194f9e
gimp-libs-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 375e1c6897b58002d20895f44de2c8e332f1d44309fe17b5827bf327297ba762
gimp-libs-debuginfo-2.99.8-4.el9_2.6.i686.rpm SHA-256: 31ac86f2a50e19d7be94150d62538af2d49b2805776e4c98326bddba86dddc43
gimp-libs-debuginfo-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 55e582ad76008baf63e80be014498719123d668d9c9d07cd8cae4b1a97cd3539

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
gimp-2.99.8-4.el9_2.6.src.rpm SHA-256: 0f5722fdd5ac25f58eff049ec3a7e052b30d9500641a6b69a32ec97469127878
aarch64
gimp-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: b1c9c58b102a73ca68e674906286014d26626dbf22952ec20d155376f0747ead
gimp-debuginfo-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: de19ac096702890deeca6fc8fb204cb9a17c84eebd73987e40e4ce2413e080a6
gimp-debugsource-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: d78b1c32bb17c6ca930ec65e5bd9cee73b41874ff0a75caef2e4cca35088dd04
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: 971c752a71506faf3ee92e407ef4e49a9edfd4407544e0aaaf1672f1f063133e
gimp-libs-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: 6bd6bb753da8fcdc7ad66175e86265ebba84713076cf7a59be65bf12812a2eef
gimp-libs-debuginfo-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: 394f9f99a29cf2f4ce8f35d2afbefabd72187607b6dd3c956903849d81048488

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
gimp-2.99.8-4.el9_2.6.src.rpm SHA-256: 0f5722fdd5ac25f58eff049ec3a7e052b30d9500641a6b69a32ec97469127878
s390x
gimp-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 531acb74a7f1475b3c563d3ca99642c5dbbc5fa6fc9600c6aefb6674d675d9c1
gimp-debuginfo-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 83784942cb35ee0f7bf9ffe8fd62364656abda4e0a0317d9fb9511842263cd2e
gimp-debugsource-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 8c30b2afdc54bee0c44abb4bb53fd477859602f958df84fd351e3fb8de033536
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 9068a2651e3d61a0b460430458732d9a6233f7ec96a797e7f5d3a8a7affebd68
gimp-libs-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 23be9ab65b5858f51941ec1f7d668adef4f9264b3f3883ceaa8474b2588bf89b
gimp-libs-debuginfo-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 02f99d3a8f4519e57dedba8f24b3d7a523c6b6a35ae42fff14596f63a7c680c8

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2

SRPM
gimp-2.99.8-4.el9_2.6.src.rpm SHA-256: 0f5722fdd5ac25f58eff049ec3a7e052b30d9500641a6b69a32ec97469127878
x86_64
gimp-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: d4f2f1334221473f94dc39e291a58539c9496950cd1e3c1492b4df68c96e9962
gimp-debuginfo-2.99.8-4.el9_2.6.i686.rpm SHA-256: 6f4724be03d43c195798acffcea6bfe51738b3de18ade44987b5f877ce7142af
gimp-debuginfo-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 52118af06e15d866ef09218a608d82f19a61c4ddf091f842755b31e12438d789
gimp-debugsource-2.99.8-4.el9_2.6.i686.rpm SHA-256: fdca322402013ba3a620f3cd7b5a3abfd6c101cea75cebbca17213c3bd737e30
gimp-debugsource-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 10369b446216c9e603fa7b7b75a9a2c7fa3f4f06c17273ef30d1fe31b28448f8
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.i686.rpm SHA-256: 3d60e7cac64dfa35e0d94cce4ba57dbdf26ce201b59ca0cf313fc7374485e0c7
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: c94fb45001012ef9b18b31c55a97655431a0200eb8f43f9cf715c98a998c9bcc
gimp-libs-2.99.8-4.el9_2.6.i686.rpm SHA-256: 2e460073d97cbaa15cfeea40ce1d29ae42cad5238387cc0b9348f1922d194f9e
gimp-libs-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 375e1c6897b58002d20895f44de2c8e332f1d44309fe17b5827bf327297ba762
gimp-libs-debuginfo-2.99.8-4.el9_2.6.i686.rpm SHA-256: 31ac86f2a50e19d7be94150d62538af2d49b2805776e4c98326bddba86dddc43
gimp-libs-debuginfo-2.99.8-4.el9_2.6.x86_64.rpm SHA-256: 55e582ad76008baf63e80be014498719123d668d9c9d07cd8cae4b1a97cd3539

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2

SRPM
gimp-2.99.8-4.el9_2.6.src.rpm SHA-256: 0f5722fdd5ac25f58eff049ec3a7e052b30d9500641a6b69a32ec97469127878
aarch64
gimp-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: b1c9c58b102a73ca68e674906286014d26626dbf22952ec20d155376f0747ead
gimp-debuginfo-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: de19ac096702890deeca6fc8fb204cb9a17c84eebd73987e40e4ce2413e080a6
gimp-debugsource-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: d78b1c32bb17c6ca930ec65e5bd9cee73b41874ff0a75caef2e4cca35088dd04
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: 971c752a71506faf3ee92e407ef4e49a9edfd4407544e0aaaf1672f1f063133e
gimp-libs-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: 6bd6bb753da8fcdc7ad66175e86265ebba84713076cf7a59be65bf12812a2eef
gimp-libs-debuginfo-2.99.8-4.el9_2.6.aarch64.rpm SHA-256: 394f9f99a29cf2f4ce8f35d2afbefabd72187607b6dd3c956903849d81048488

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2

SRPM
gimp-2.99.8-4.el9_2.6.src.rpm SHA-256: 0f5722fdd5ac25f58eff049ec3a7e052b30d9500641a6b69a32ec97469127878
ppc64le
gimp-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: 48bdb889769537ea0c8061c9d160196497fa06332cb40a481e1f3bf613a1fb5f
gimp-debuginfo-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: bb0b63893ca204895e0316063cc8de8ad9fc209636f7d2ca3b80e58b1f3e60c2
gimp-debugsource-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: 3e18f17c5dae0dea8a051d97a96ab75e85e4feba103bb16c7603daac78f09bd8
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: af709d2797ffa959485ed720eb5e5d1bb3cf56181e2fca19cc9f7167f410d8c3
gimp-libs-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: 5144707164d6fda358aa68f17ab361de4734e8bde0401fa77bb032aba9c2544b
gimp-libs-debuginfo-2.99.8-4.el9_2.6.ppc64le.rpm SHA-256: 1ab7f3f099d228dc0b3067d444bdf5cb2ada8c34d1ddd2a11d346b9ca40cb384

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2

SRPM
gimp-2.99.8-4.el9_2.6.src.rpm SHA-256: 0f5722fdd5ac25f58eff049ec3a7e052b30d9500641a6b69a32ec97469127878
s390x
gimp-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 531acb74a7f1475b3c563d3ca99642c5dbbc5fa6fc9600c6aefb6674d675d9c1
gimp-debuginfo-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 83784942cb35ee0f7bf9ffe8fd62364656abda4e0a0317d9fb9511842263cd2e
gimp-debugsource-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 8c30b2afdc54bee0c44abb4bb53fd477859602f958df84fd351e3fb8de033536
gimp-devel-tools-debuginfo-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 9068a2651e3d61a0b460430458732d9a6233f7ec96a797e7f5d3a8a7affebd68
gimp-libs-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 23be9ab65b5858f51941ec1f7d668adef4f9264b3f3883ceaa8474b2588bf89b
gimp-libs-debuginfo-2.99.8-4.el9_2.6.s390x.rpm SHA-256: 02f99d3a8f4519e57dedba8f24b3d7a523c6b6a35ae42fff14596f63a7c680c8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.