gimp-3.0.4-1.el9_7.3

エラータID: AXSA:2026-197:02

Release date: 
Thursday, February 19, 2026 - 11:20
Subject: 
gimp-3.0.4-1.el9_7.3
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

* gimp: heap-based buffer overflow via specially crafted PSP file (CVE-2025-15059)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-15059
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28232.

Solution: 

Update packages.

CVEs: 
CVE-2025-15059
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28232.
Additional Info: 

N/A

Download: 

SRPMS
  1. gimp-3.0.4-1.el9_7.3.src.rpm
    MD5: 1b9fea1c5529dd21bd8a860495ab0a6d
    SHA-256: e1dc9612420909b99e2a8690f9db005b3066b2bbd6f926344965a96037f44fbc
    Size: 25.86 MB

Asianux Server 9 for x86_64
  1. gimp-3.0.4-1.el9_7.3.x86_64.rpm
    MD5: 7e170f211b616cca495365a5cb928ba2
    SHA-256: 11a79ac6891ddb5f7d738fbc46717f9ee78f1cfe8450165ee4a8b8dd5c4edd03
    Size: 20.92 MB
  2. gimp-libs-3.0.4-1.el9_7.3.i686.rpm
    MD5: 4571aa6595ff10760d958ca54e8b02f1
    SHA-256: 9299337a6cc7e6b4c2d1bcb3d559eed47755462fb66044f13f1612b34dbdfa29
    Size: 850.96 kB
  3. gimp-libs-3.0.4-1.el9_7.3.x86_64.rpm
    MD5: fd7135aac0487352df5e2373b50ed442
    SHA-256: 4939ccaf81495c106e6557d71510356eb3e1b69beb38a7497925a9d28dff02b7
    Size: 802.37 kB