ZDI-26-214 HIGH 7.8 Published Mar 16, 2026

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP

GIMP contains a remote code execution vulnerability (CVE-2026-2049) with a CVSS score of 7.8 that allows attackers to execute arbitrary code if a user opens a malicious file or visits a compromised webpage. An attacker exploiting this flaw gains the ability to run commands with the privileges of the user running GIMP, potentially compromising the entire system. Security teams should prioritize patching GIMP installations and, until patches are available, educate users to avoid opening untrusted files or visiting suspicious websites.

Related CVE

CVE-2026-2049
