CVE-2026-2272: integer overflow in ICO file handling can lead to a heap buffer overflow (bsc#1258000).
CVE-2026-2271: integer overflow in the PSP file parser can lead to a heap buffer overflow (bsc#1257999).
CVE-2026-2239: missing null terminator when processing a specially crafted PSD file can lead to a heap buffer overflow and an application crash (bsc#1257959).
Affected Packages
gimp
SUSE Linux Enterprise Module for Package Hub 15 SP7, SUSE Linux Enterprise Workstation Extension 15 SP7, openSUSE Leap 15.6
Fixed in:
2.10.30-150400.3.44.1
gimp-devel
SUSE Linux Enterprise Module for Package Hub 15 SP7, SUSE Linux Enterprise Workstation Extension 15 SP7, openSUSE Leap 15.6
Fixed in:
2.10.30-150400.3.44.1
gimp-lang
SUSE Linux Enterprise Module for Package Hub 15 SP7, SUSE Linux Enterprise Workstation Extension 15 SP7, openSUSE Leap 15.6
Fixed in:
2.10.30-150400.3.44.1
gimp-plugin-aa
SUSE Linux Enterprise Module for Package Hub 15 SP7, openSUSE Leap 15.6
Fixed in:
2.10.30-150400.3.44.1
libgimp-2_0-0
SUSE Linux Enterprise Module for Package Hub 15 SP7, SUSE Linux Enterprise Workstation Extension 15 SP7, openSUSE Leap 15.6
Fixed in:
2.10.30-150400.3.44.1
libgimpui-2_0-0
SUSE Linux Enterprise Module for Package Hub 15 SP7, SUSE Linux Enterprise Workstation Extension 15 SP7, openSUSE Leap 15.6