EUVD-2026-16341
GHSA-8g7q-m2xj-67ch
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
4Description
A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.
Analysis
A security vulnerability in A flaw (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| questing | needs-triage | - |
| upstream | needs-triage | - |
Debian
Bug #1127842| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 2.10.22-4+deb11u6 | - |
| bullseye (security) | fixed | 2.10.22-4+deb11u7 | - |
| bookworm | fixed | 2.10.34-1+deb12u8 | - |
| bookworm (security) | fixed | 2.10.34-1+deb12u9 | - |
| trixie, trixie (security) | fixed | 3.0.4-3+deb13u7 | - |
| forky | fixed | 3.2.0~RC3-1 | - |
| sid | fixed | 3.2.0-1 | - |
| trixie | fixed | 3.0.4-3+deb13u6 | - |
| (unstable) | fixed | 3.2.0~RC2-3.2 | - |
Share
External POC / Exploit Code
Leaving vuln.today