Is Integer Overflow affected by CVE-2026-2271?

CVE-2026-2271 is a low-severity vulnerability in A flaw involving integer overflow (CVSS 3.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

CVE-2026-2271

EUVD-2026-16340 LOW

2026-03-26 redhat

GHSA-688g-4qr3-6q47

3.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 26, 2026 - 20:31 euvd

EUVD-2026-16340

Analysis Generated

Mar 26, 2026 - 20:31 vuln.today

CVE Published

Mar 26, 2026 - 20:00 nvd

LOW 3.3

Description

A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service.

Analysis

GIMP's PSP file parser fails to validate 32-bit length values in the read_creator_block() function, allowing local attackers to trigger integer overflow and heap buffer overflow via specially crafted PSP image files, resulting in application-level denial of service. Red Hat Enterprise Linux versions 6-9, Ubuntu (7 releases), Debian (9 releases), and SUSE are affected. …

Remediation

During next maintenance window: Apply vendor patches when convenient. Verify integer overflow controls are in place.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +16

POC: 0

Vendor Status

Ubuntu

Priority: Medium

gimp

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
questing	needs-triage	-
upstream	needs-triage	-

Debian

Bug #1127841

gimp

Release	Status	Fixed Version	Urgency
bullseye	fixed	2.10.22-4+deb11u6	-
bullseye (security)	fixed	2.10.22-4+deb11u7	-
bookworm	fixed	2.10.34-1+deb12u8	-
bookworm (security)	fixed	2.10.34-1+deb12u9	-
trixie, trixie (security)	fixed	3.0.4-3+deb13u7	-
forky	fixed	3.2.0~RC3-1	-
sid	fixed	3.2.0-1	-
trixie	fixed	3.0.4-3+deb13u6	-
(unstable)	fixed	3.2.0~RC2-3.2	-

DLA-4483-1 DSA-6139-1

CVE-2026-2271 vulnerability details – vuln.today

Back

CVE-2026-2271

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2026-2271

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code