Is Integer Overflow affected by EUVD-2026-21630?

GIMP versions prior to the fix are vulnerable to remote code execution through malicious PSD files, allowing attackers to execute arbitrary code with application-level privileges when users open crafted files.

EUVD-2026-21630

| CVE-2026-4150 HIGH

2026-04-11 zdi

GHSA-wgjm-63ch-mwj3

7.8

CVSS 3.0

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Apr 11, 2026 - 02:30 nvd

Patch available

Analysis Generated

Apr 11, 2026 - 01:00 vuln.today

EUVD ID Assigned

Apr 11, 2026 - 01:00 euvd

EUVD-2026-21630

CVE Published

Apr 11, 2026 - 00:15 nvd

HIGH 7.8

Description

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28807.

Analysis

Integer overflow in GIMP PSD file parser enables remote code execution when users open malicious PSD files. Affects GIMP installations across platforms. …

Remediation

Within 24 hours: Disable or restrict GIMP usage until patched version is available; distribute security notice to all GIMP users advising against opening PSD files from untrusted sources. Within 7 days: Monitor vendor (GIMP project) for patch release and test in isolated environment upon availability. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +39

POC: 0

Vendor Status

EUVD-2026-21630 vulnerability details – vuln.today

Back

EUVD-2026-21630

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Share

EUVD-2026-21630

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Share

External POC / Exploit Code