Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-59089— Gimp: gimp: denial of service via integer overflow in playstation tim loader

CVSS 5.5 · Medium EPSS 0.21% · P11

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 4

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-59089

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Gimp: gimp: denial of service via integer overflow in playstation tim loader
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table (CLUT) due to an integer overflow. This occurs when multiplying num_colors and num_cluts, both 16-bit unsigned short integers, resulting in a value exceeding the maximum integer limit. An attacker could exploit this by providing a specially crafted image file, leading to undefined behavior and causing the GIMP plug-in to abort, effectively resulting in a denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数溢出或超界折返
Source: NVD (National Vulnerability Database)
Vulnerability Title
GIMP 数字错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GIMP是GIMP组织开源的一款开源的位图图像编辑器。 GIMP存在数字错误漏洞,该漏洞源于PlayStation TIM加载器在处理PlayStation图像文件时,因整数溢出错误计算Color Look-Up Table(CLUT)的大小,导致num_colors和num_cluts相乘结果超出最大整数限制,攻击者可通过提供特制图像文件导致GIMP插件中止,有效造成拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 9-cpe:/o:redhat:enterprise_linux:9

II. Public POCs for CVE-2026-59089

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-59089

登录查看更多情报信息。

Patches & Fixes for CVE-2026-59089 (1)

Vendor Advisories for CVE-2026-59089 (2)

Same Patch Batch · Red Hat · 2026-07-06 · 3 CVEs total

CVE-2026-91657.7 HIGHStackrox: stackrox: unbounded graphql query depth allows authenticated denial of service
CVE-2026-583807.3 HIGHGimp: gimp: stack buffer overflow in pnmscanner_gettoken()

IV. Related Vulnerabilities

V. Comments for CVE-2026-59089

No comments yet


Leave a comment