Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2026-4153

gimp: GIMP: Remote Code Execution via PSP file parsing (important)
Back to all
CVE

CVE-2026-4153

gimp: GIMP: Remote Code Execution via PSP file parsing (important)

DOCUMENTATION: A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP (PaintShop Pro) file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful exploitation can lead to arbitrary code execution in the context of the current process. 

            STATEMENT: This is an Important vulnerability in GIMP that could lead to arbitrary code execution. The flaw requires user interaction, as an attacker must entice a user to open a specially crafted PSP (PaintShop Pro) file. Red Hat products are affected if GIMP is installed and used to open untrusted PSP files.

            MITIGATION: To mitigate this vulnerability, users should avoid opening untrusted PSP (PaintShop Pro) files with GIMP. Restricting the sources of PSP files to only trusted origins can reduce the risk of exploitation.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.8
-
3.0
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
C
H
U
-
C
H
U
-

Related Resources

No items found.

References

https://access.redhat.com/security/cve/CVE-2026-4153

Severity

0

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
0
EPSS Probability
0.00068%
EPSS Percentile
0.21083%
Introduced Version
0
Fix Available
0:1.16.3-7.module+el8.10.0+22676+becd68d6,2:2.8.22-26.module+el8.10.0+24277+6acc3952.6,0:2.28.7-5.module+el8.10.0+22676+becd68d6,0:2.24.0-25.module+el8.9.0+21228+8e80d31d,2:3.0.4-1.el9_7.5,2:3.0.4-4.el9_8.4,2.10.34-1+deb12u10,2.10.22-4+deb11u8,3.0.4-3+deb13u8,2:2.8.22-26.module+el8.10.0+90890+b83bdeeb.6,0:2.28.7-5.module+el8.10.0+90497+ae78887f,0:2.24.0-25.module+el8.9.0+90151+46a7e4b5,0:1.16.3-7.module+el8.10.0+90497+ae78887f,2:2.8.22-1.amzn2.0.14

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading