Multiple CVEs Discovered in GIMP for Rocky Linux and RHEL 9

Severity: High (Score: 70.5)

Sources: Tenable

Summary

A series of vulnerabilities affecting GIMP in Rocky Linux 9 and RHEL 9 have been identified, with multiple CVEs published on March 26, 2026. The vulnerabilities include CVE-2026-4150, CVE-2026-4151, CVE-2026-4152, CVE-2026-4153, CVE-2026-4154, and CVE-2026-4887, all of which have available exploits. The vulnerabilities are categorized under various Common Weakness Enumerations (CWEs), including buffer errors and improper validation. The patch for Rocky Linux was published on May 14, 2026, while RHEL's patch was released on May 12, 2026. Administrators are advised to apply these patches promptly to mitigate potential exploitation. The vulnerabilities affect both distributions' GIMP packages, posing a risk to users and organizations relying on these systems. The current status indicates that exploits are available, heightening the urgency for remediation.

Key Points:

  • Multiple CVEs affecting GIMP in Rocky Linux 9 and RHEL 9 have been published.
  • Exploits for these vulnerabilities are available, increasing the risk of attacks.
  • Patches were released on May 12 and May 14, 2026; immediate application is recommended.

Key Entities

  • CVE-2026-4150 (cve)
  • CVE-2026-4151 (cve)
  • CVE-2026-4152 (cve)
  • CVE-2026-4153 (cve)
  • CVE-2026-4154 (cve)
  • CWE-120 - Classic Buffer Overflow (cwe)
  • CWE-131 - Incorrect Calculation Of Buffer Size (cwe)
  • CWE-190 - Integer Overflow Or Wraparound (cwe)
  • CWE-193 - Off-by-one Error (cwe)
  • RockyLinux (platform)