A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. The integer overflow causes the loader to allocate a zero-byte buffer, which is then overflowed on the heap when pixel data is written into it. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.
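As an added illustration of the bug class described above (not GIMP's code; the header field names and size limit are assumptions), the unchecked size computation beside an overflow-checked one that rejects wrapped and zero-sized buffers:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound on a pixel buffer; tune to the application. */
#define MAX_PIXEL_BYTES ((size_t)1 << 30)

/* Vulnerable pattern (hypothetical loader): width * height * bytes-per-pixel
 * is computed in 32-bit arithmetic, so a crafted header can wrap the product
 * to 0. malloc(0) then yields a buffer with no usable space, and the later
 * per-pixel copy overflows the heap. */
size_t pixel_buf_size_unchecked(uint32_t naxis1, uint32_t naxis2, uint32_t bpp)
{
    uint32_t n = naxis1 * naxis2 * bpp;   /* wraps silently modulo 2^32 */
    return n;
}

/* Hardened pattern: overflow-checked multiplication, and a zero-size or
 * over-limit result is treated as a malformed file instead of allocated. */
bool pixel_buf_size_checked(uint32_t naxis1, uint32_t naxis2, uint32_t bpp,
                            size_t *out)
{
    size_t n;
    if (naxis1 == 0 || naxis2 == 0 || bpp == 0)
        return false;                             /* empty image: nothing to load */
    if (__builtin_mul_overflow((size_t)naxis1, (size_t)naxis2, &n))
        return false;                             /* width * height wrapped */
    if (__builtin_mul_overflow(n, (size_t)bpp, &n))
        return false;                             /* * bytes-per-pixel wrapped */
    if (n > MAX_PIXEL_BYTES)
        return false;                             /* implausibly large image */
    *out = n;
    return true;
}

int main(void)
{
    /* Constructed header: 65536 * 65536 * 4 = 2^34, which wraps to 0 in uint32_t. */
    size_t n = 0;
    printf("unchecked size: %zu\n", pixel_buf_size_unchecked(65536u, 65536u, 4u));
    printf("checked accepts: %d\n", pixel_buf_size_checked(65536u, 65536u, 4u, &n));
    return 0;
}
```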
Users should avoid opening untrusted FITS image files with GIMP. If GIMP is not required, consider removing the gimp package to eliminate the attack surface. This can be done using the system's package manager, for example: sudo dnf remove gimp. Removing GIMP may impact other applications that depend on it.