Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the ico_read_info and ico_read_icon functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.
AnalysisAI
A security vulnerability in A flaw (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
Technical ContextAI
CWE-190 (Integer Overflow). Affects A flaw.
RemediationAI
Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.
More in Red Hat Enterprise Linux 6
View allRemote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft
Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter
Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege
Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD
Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user
Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co
Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap
Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces
Here is the multi-source synthesis as a single JSON object: ```json { "product_name": "GnuTLS", "summary": "Certifi
Privilege escalation to root and Kerberos-based authentication bypass in SSSD's Active Directory GPO provider affects Re
Heap memory corruption in GIMP's PSD (Photoshop) file parser allows a malicious .psd image to overflow an integer in rea
Stack-based memory corruption in GIMP's PNM image parser lets an attacker execute code or crash the application when a v
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Buffer Overflow
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| questing | needs-triage | - |
| upstream | needs-triage | - |
Debian
Bug #1127842| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 2.10.22-4+deb11u6 | - |
| bullseye (security) | fixed | 2.10.22-4+deb11u7 | - |
| bookworm | fixed | 2.10.34-1+deb12u8 | - |
| bookworm (security) | fixed | 2.10.34-1+deb12u9 | - |
| trixie, trixie (security) | fixed | 3.0.4-3+deb13u7 | - |
| forky | fixed | 3.2.0~RC3-1 | - |
| sid | fixed | 3.2.0-1 | - |
| trixie | fixed | 3.0.4-3+deb13u6 | - |
| (unstable) | fixed | 3.2.0~RC2-3.2 | - |
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Workstation Extension 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 15 SP4 | Fixed |
| SUSE Linux Enterprise Workstation Extension 15 SP5 | Fixed |
| SUSE Linux Enterprise Workstation Extension 15 SP6 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16341
GHSA-8g7q-m2xj-67ch