CVE-2026-2272

Medium CVSS: 4.3

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.

Vendor

Gimp

Product

Gimp

CWE

CWE-190

Yayın Tarihi

2026-03-26 21:17:04

Güncelleme

2026-04-03 20:17:54

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-190 Gimp MEDIUM Gimp 2026

Referanslar

https://access.redhat.com/security/cve/CVE-2026-2272 https://bugzilla.redhat.com/show_bug.cgi?id=2438428 https://gitlab.gnome.org/GNOME/gimp/-/issues/15617 https://bugzilla.redhat.com/show_bug.cgi?id=2438428 https://gitlab.gnome.org/GNOME/gimp/-/issues/15617

Benzer Kayıtlar

Low

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing…

High

CVE-2026-2047

GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote…

High

CVE-2026-2048

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attacker…

High

CVE-2026-2044

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attacke…

High

CVE-2026-2045

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attacker…

High

CVE-2026-0797

GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a…