Skip to main content

Red Hat Enterprise Linux 7 EUVDEUVD-2026-16339

| CVE-2026-2239 LOW
Improper Null Termination (CWE-170)
2026-03-26 redhat GHSA-pjv8-58qr-6mxx
2.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.8 LOW
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM
qualitative
SUSE
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Red Hat
2.8 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 20:31 euvd
EUVD-2026-16339
Analysis Generated
Mar 26, 2026 - 20:31 vuln.today
CVE Published
Mar 26, 2026 - 20:00 nvd
LOW 2.8

DescriptionCVE.org

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.

AnalysisAI

GIMP's PSD file parser crashes when processing specially crafted Photoshop documents due to improper null-termination in the fread_pascal_string function, allowing local authenticated users to trigger a denial of service. The vulnerability affects GIMP across Red Hat Enterprise Linux 7, 8, and 9, as well as multiple Debian and Ubuntu releases tracked by their respective security teams. While the CVSS score is low (2.8), the widespread distribution across major Linux vendors and confirmed advisory issuance from Red Hat, Debian, and SUSE indicates this merits coordinated patching despite limited exploitability constraints.

Technical ContextAI

The vulnerability exists in GIMP's PSD (Photoshop Document) file format handler, specifically within the fread_pascal_string function responsible for parsing Pascal-format strings embedded in PSD file structures. Pascal strings are length-prefixed byte sequences commonly used in binary file formats; the flaw occurs when the buffer allocated to store such a string is not properly null-terminated before strlen() is invoked on it, creating a classic heap buffer over-read condition (CWE-170: Improper Null Termination). The affected products span Red Hat Enterprise Linux 7, 8, and 9 (cpe:2.3:a:red_hat:red_hat_enterprise_linux_7:*:*:*:*:*:*:*:*, cpe:2.3:a:red_hat:red_hat_enterprise_linux_8:*:*:*:*:*:*:*:*, and cpe:2.3:a:red_hat:red_hat_enterprise_linux_9:*:*:*:*:*:*:*:*), as well as Debian and Ubuntu systems where GIMP is installed. The root cause is a memory safety violation typical of C/C++ image processing codebases handling untrusted binary formats.

RemediationAI

Apply vendor-provided security updates immediately for your distribution: Red Hat users should consult https://access.redhat.com/security/cve/CVE-2026-2239 for RHEL 7, 8, and 9 patch packages; Debian users should apply DLA-4483-1 (for Debian 9 LTS) or DSA-6139-1 (for Debian 10 and later); Ubuntu users should check their distribution's security updates; SUSE users should apply SUSE-SU-2026:0604. Until patching is complete, restrict PSD file opening to trusted sources and educate users not to open PSD files from untrusted origins. No workarounds beyond file restriction are practical given the vulnerability's location in core parsing logic. If GIMP is not essential, temporary removal from systems not requiring it is a valid interim mitigation. Verify patch deployment via package manager confirmation (e.g., apt-cache policy gimp on Debian/Ubuntu or rpm -qi gimp on Red Hat systems) and confirm the version matches the vendor's published fix version once advisory details are fully released.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5674 HIGH
8.8 Jul 16

Sandbox escape in PipeWire's PulseAudio compatibility layer lets a low-privileged process inside a confined environment

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

CVE-2026-35091 HIGH
8.2 Apr 01

Out-of-bounds read in Corosync allows unauthenticated remote attackers to crash cluster nodes and potentially leak memor

CVE-2026-42013 HIGH
8.2 May 26

Here is the multi-source synthesis as a single JSON object: ```json { "product_name": "GnuTLS", "summary": "Certifi

Vendor StatusVendor

Ubuntu

Priority: Medium
gimp
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -

Debian

Bug #1127838
gimp
Release Status Fixed Version Urgency
bullseye fixed 2.10.22-4+deb11u6 -
bullseye (security) fixed 2.10.22-4+deb11u7 -
bookworm fixed 2.10.34-1+deb12u8 -
bookworm (security) fixed 2.10.34-1+deb12u9 -
trixie (security), trixie fixed 3.0.4-3+deb13u7 -
forky fixed 3.2.0~RC3-1 -
sid fixed 3.2.0-1 -
trixie fixed 3.0.4-3+deb13u6 -
(unstable) fixed 3.2.0~RC2-3.2 -

SUSE

Severity: Low
Product Status
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
openSUSE Leap 15.6 Fixed
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed

Share

EUVD-2026-16339 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy