Bug 2457535 (CVE-2026-4150)
| Summary: | CVE-2026-4150 GIMP: GIMP: Arbitrary code execution via specially crafted PSD file | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD (Photoshop Document) file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run malicious code on the affected system. |
| Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2457806 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2026-04-11 01:01:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:16484 https://access.redhat.com/errata/RHSA-2026:16484

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:17533 https://access.redhat.com/errata/RHSA-2026:17533

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19362 https://access.redhat.com/errata/RHSA-2026:19362

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:20553 https://access.redhat.com/errata/RHSA-2026:20553

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:20552 https://access.redhat.com/errata/RHSA-2026:20552

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:20554 https://access.redhat.com/errata/RHSA-2026:20554

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:20691 https://access.redhat.com/errata/RHSA-2026:20691

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:25899 https://access.redhat.com/errata/RHSA-2026:25899

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:25901 https://access.redhat.com/errata/RHSA-2026:25901

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions

Via RHSA-2026:25907 https://access.redhat.com/errata/RHSA-2026:25907

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:26168 https://access.redhat.com/errata/RHSA-2026:26168