CVE-2026-2239

EUVD ID: EUVD-2026-16339
Severity: LOW (CVSS 3.1 base score 2.8)
Published: 2026-03-26
Source: redhat
Advisory: GHSA-pjv8-58qr-6mxx

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Metric               Value
Attack Vector        Local
Attack Complexity    Low
Privileges Required  Low
User Interaction     Required
Scope                Unchanged
Confidentiality      None
Integrity            None
Availability         Low

Lifecycle Timeline (4 events, newest first)

Date / Time             Source      Event
Mar 31, 2026 - 21:13    nvd         Patch Released (patch available)
Mar 26, 2026 - 20:31    euvd        EUVD ID Assigned (EUVD-2026-16339)
Mar 26, 2026 - 20:31    vuln.today  Analysis Generated
Mar 26, 2026 - 20:00    nvd         CVE Published

Description

A flaw was found in GIMP. A heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. The buffer allocated for a Pascal string (a one-byte length prefix followed by that many bytes) is not null-terminated, so a subsequent strlen() call on it reads past the end of the heap allocation. Successful exploitation causes the application to crash, resulting in an application-level denial of service.
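The pattern the description is talking about, as an added illustration that is not GIMP's code: a reader for a PSD-style Pascal string that allocates exactly the declared length and later calls strlen() on it, next to a hardened version that reserves the terminator byte, writes it explicitly and fails closed on a short read. The in-memory reader, the function names and the sample byte streams are assumptions made for this example so that it runs offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal in-memory reader standing in for fread() on a FILE*, so the
 * example runs offline on constructed bytes. (Assumption for this example.) */
typedef struct {
    const uint8_t *data;
    size_t len;
    size_t pos;
} mem_reader;

static size_t mem_read(void *dst, size_t n, mem_reader *r)
{
    size_t avail = r->len - r->pos;
    if (n > avail)
        n = avail;
    memcpy(dst, r->data + r->pos, n);
    r->pos += n;
    return n;
}

/* VULNERABLE pattern (illustrative reconstruction, not GIMP's code): exactly
 * `len` bytes are allocated and no terminator is written, so the strlen()
 * below keeps reading past the heap block whenever the string bytes contain
 * no 0x00. A short read additionally leaves part of the block uninitialised.
 * Shown for contrast only; it is never called on the samples below. */
static char *fread_pascal_string_vulnerable(mem_reader *r)
{
    uint8_t len;
    if (mem_read(&len, 1, r) != 1)
        return NULL;
    char *s = malloc(len);                  /* no room for '\0' */
    if (s == NULL)
        return NULL;
    mem_read(s, len, r);                    /* short read not checked */
    printf("name length %zu\n", strlen(s)); /* heap-buffer-overflow read */
    return s;
}

/* Hardened version: one extra byte for the terminator, an explicit NUL, and a
 * checked read so a truncated file is rejected instead of exposing
 * uninitialised memory. The declared length is returned separately because a
 * Pascal string may legally contain 0x00, which strlen() would stop at. */
static char *fread_pascal_string_safe(mem_reader *r, size_t *out_len)
{
    uint8_t len;
    if (mem_read(&len, 1, r) != 1)
        return NULL;
    char *s = malloc((size_t)len + 1);
    if (s == NULL)
        return NULL;
    if (mem_read(s, len, r) != len) {
        free(s);
        return NULL;
    }
    s[len] = '\0';
    if (out_len != NULL)
        *out_len = len;
    return s;
}

/* Constructed sample streams (not bytes taken from any real PSD file). */
static const uint8_t SAMPLE_OK[]    = { 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t SAMPLE_SHORT[] = { 5, 'h', 'i' };       /* declares 5, supplies 2 */
static const uint8_t SAMPLE_NUL[]   = { 3, 'a', 0x00, 'b' }; /* embedded NUL byte */

/* Returns 1 when the hardened reader yields "hello" with declared length 5. */
static int check_ok(void)
{
    mem_reader r = { SAMPLE_OK, sizeof SAMPLE_OK, 0 };
    size_t n = 0;
    char *s = fread_pascal_string_safe(&r, &n);
    int ok = s != NULL && n == 5 && strcmp(s, "hello") == 0;
    free(s);
    return ok;
}

/* Returns 1 when a truncated string is rejected rather than partially used. */
static int check_short(void)
{
    mem_reader r = { SAMPLE_SHORT, sizeof SAMPLE_SHORT, 0 };
    return fread_pascal_string_safe(&r, NULL) == NULL;
}

/* Returns 1 when declared length (3) and strlen() (1) differ on an embedded
 * NUL, showing why callers should use the returned length, not strlen(). */
static int check_embedded_nul(void)
{
    mem_reader r = { SAMPLE_NUL, sizeof SAMPLE_NUL, 0 };
    size_t n = 0;
    char *s = fread_pascal_string_safe(&r, &n);
    int ok = s != NULL && n == 3 && strlen(s) == 1;
    free(s);
    return ok;
}

int main(void)
{
    (void)fread_pascal_string_vulnerable; /* defined for contrast only */
    printf("ok=%d short=%d nul=%d\n", check_ok(), check_short(), check_embedded_nul());
    return 0;
}
```

Building the vulnerable variant with AddressSanitizer and feeding it a name whose bytes contain no 0x00 is the quickest way to reproduce the heap-buffer-overflow read the advisory describes; the hardened variant makes the terminator part of the allocation, so strlen() can never leave the block.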

Analysis

GIMP's PSD file parser crashes when processing specially crafted Photoshop documents due to improper null-termination in the fread_pascal_string function, allowing local authenticated users to trigger a denial of service. The vulnerability affects GIMP across Red Hat Enterprise Linux 7, 8, and 9, as well as multiple Debian and Ubuntu releases tracked by their respective security teams. …


Remediation

Apply vendor patches during the next maintenance window and monitor vendor channels for updates. Per the CVSS vector (AV:L, PR:L, UI:R, C:N/I:N/A:L), exploitation requires a local user to open a crafted PSD file in GIMP, and the impact is limited to a crash of the application.


Priority Score

14
Factor  Contribution
KEV     0
EPSS    +0.0
CVSS    +14
POC     0

Vendor Status

Ubuntu

Priority: Medium
Package: gimp

Release   Status        Version
xenial    needs-triage  -
bionic    needs-triage  -
focal     needs-triage  -
jammy     needs-triage  -
noble     needs-triage  -
questing  needs-triage  -
upstream  needs-triage  -

Debian

Bug #1127838
Package: gimp

Release                   Status  Fixed Version       Urgency
bullseye                  fixed   2.10.22-4+deb11u6   -
bullseye (security)       fixed   2.10.22-4+deb11u7   -
bookworm                  fixed   2.10.34-1+deb12u8   -
bookworm (security)       fixed   2.10.34-1+deb12u9   -
trixie                    fixed   3.0.4-3+deb13u6     -
trixie (security), trixie fixed   3.0.4-3+deb13u7     -
forky                     fixed   3.2.0~RC3-1         -
sid                       fixed   3.2.0-1             -
(unstable)                fixed   3.2.0~RC2-3.2       -
