Integer Overflow Vulnerability in GIMP PlayStation TIM Loader
CVE-2026-59089

5.5MEDIUM

What is CVE-2026-59089?

An integer overflow flaw in the PlayStation TIM loader of GIMP can lead to improper size calculations of the Color Look-Up Table (CLUT). This vulnerability arises when the loader computes the product of num_colors and num_cluts, both represented as 16-bit unsigned short integers. If an attacker sends a specially crafted image file exploiting this flaw, it may trigger undefined behavior, potentially causing the GIMP plug-in to crash. Such an outcome results in a denial of service, disrupting the application’s functionality and user experience.

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.