Skip to main content

GIMP EUVDEUVD-2026-39130

| CVE-2026-2050 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-24 zdi GHSA-j4fq-jj5r-8w3h
7.8
CVSS 3.1 · Vendor: zdi
Share

Severity by source

Vendor (zdi) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

File must be opened locally so AV:L and UI:R; no privileges needed (PR:N), and code execution as the user yields full C/I/A impact within unchanged scope.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
7.8 HIGH
qualitative

Primary rating from Vendor (zdi).

CVSS VectorVendor: zdi

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 24, 2026 - 22:35 vuln.today

DescriptionCVE.org

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28266.

AnalysisAI

Arbitrary code execution in GIMP results from a heap-based buffer overflow in the HDR file parser, where attacker-controlled length data is copied into an undersized heap buffer without bounds validation. Any user who opens a maliciously crafted HDR image (or visits a page that delivers one) can be exploited, with code running in the context of the GIMP process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious HDR file
Delivery
Deliver via email or web page
Exploit
Victim opens file in GIMP
Execution
HDR parser overflows heap buffer
Impact
Execute code as current user

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to open or load a specially crafted HDR (Radiance/RGBE) image file in GIMP - the malicious data must traverse the GEGL HDR parsing path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.0 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 7.8) describes a local, file-open-driven flaw with high impact to confidentiality, integrity, and availability but requiring user interaction - consistent with a client-side document-parsing bug rather than a remotely reachable service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious HDR image and delivers it via a phishing email attachment or a web page that auto-downloads it, then lures a victim into opening the file in GIMP. Parsing the file overflows a heap buffer and lets the attacker execute code as the victim's user account. …
Remediation Upstream fix available (PR/commit); released patched version not independently confirmed - the correction has been merged in GEGL via merge request 241 (https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241), so upgrade GIMP and its bundled GEGL to a build that incorporates that merge once your distribution publishes it, and consult ZDI-26-282 (https://www.zerodayinitiative.com/advisories/ZDI-26-282/) for tracking. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and notify all GIMP users, especially those handling external images or in design/documentation roles. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Gimp

View all
CVE-2012-2763 HIGH POC
7.5 Jul 12

Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and p

CVE-2012-5576 HIGH POC
7.5 Dec 18

Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.8.2 allow remote attack

CVE-2017-17789 HIGH POC
7.8 Dec 20

In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. Rated high sev

CVE-2012-3236 MEDIUM POC
4.3 Jul 12

fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and applic

CVE-2022-32990 MEDIUM POC
5.5 Jun 24

An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via

CVE-2022-30067 MEDIUM POC
5.5 May 17

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no a

CVE-2018-12713 CRITICAL
9.1 Jun 24

GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that alre

CVE-2025-5473 HIGH
8.8 Jun 06

Critical remote code execution vulnerability in GIMP's ICO file parser caused by an integer overflow (CWE-190) that lack

CVE-2026-2044 HIGH
8.8 Feb 20

Remote code execution in GIMP 3.0.6 allows attackers to run arbitrary code by tricking a user into opening a malicious P

CVE-2026-0797 HIGH
8.8 Feb 20

Remote code execution in GIMP 3.2.0-rc1 lets attackers run arbitrary code by tricking a user into opening a malicious IC

CVE-2016-4994 HIGH
7.8 Jul 12

Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cau

CVE-2025-2760 HIGH
7.8 Apr 23

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnera

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Module for Package Hub 15 SP7 Not-Affected
SUSE Linux Enterprise Server 15 SP7 Not-Affected
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Not-Affected
SUSE Linux Enterprise Workstation Extension 15 SP7 Not-Affected

Share

EUVD-2026-39130 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy