RLSA-2026:5113

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

gimp: GIMP: Remote Code Execution via uninitialized memory in PGM file parsing (CVE-2026-2044)
gimp: GIMP: Remote Code Execution via out-of-bounds write in XWD file parsing (CVE-2026-2045)
gimp: GIMP: Remote Code Execution via ICO File Parsing Vulnerability (CVE-2026-0797)
gimp: GIMP: Remote Code Execution via XWD file parsing vulnerability (CVE-2026-2048)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8

gimp

Package

Name: gimp
Purl: pkg:rpm/rocky-linux/gimp?distro=rocky-linux-8&epoch=2

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2:2.8.22-26.module+el8.10.0+40033+6fd27379.3

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:5113.json"

gimp

Package

Name: gimp
Purl: pkg:rpm/rocky-linux/gimp?distro=rocky-linux-8&epoch=2

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2:2.8.22-26.module+el8.10.0+1927+52edb5a0

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:5113.json"

gimp

Package

Name: gimp
Purl: pkg:rpm/rocky-linux/gimp?distro=rocky-linux-8&epoch=2

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2:2.8.22-26.module+el8.10.0+1998+a08ccc48.2

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:5113.json"

gimp

Package

Name: gimp
Purl: pkg:rpm/rocky-linux/gimp?distro=rocky-linux-8&epoch=2

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2:2.8.22-26.module+el8.10.0+40075+a21479b4.4

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:5113.json"

pygobject2

Package

Name: pygobject2
Purl: pkg:rpm/rocky-linux/pygobject2?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:2.28.7-5.module+el8.10.0+1927+52edb5a0

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:5113.json"

pygtk2

Package

Name: pygtk2
Purl: pkg:rpm/rocky-linux/pygtk2?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:2.24.0-25.module+el8.9.0+1723+9bc93544

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:5113.json"

python2-pycairo

Package

Name: python2-pycairo
Purl: pkg:rpm/rocky-linux/python2-pycairo?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.16.3-7.module+el8.10.0+1927+52edb5a0

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:5113.json"