ZDI-26-219 HIGH 7.8 Published Mar 19, 2026

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP

GIMP contains a heap-based buffer overflow in JP2 file parsing (CVE-2026-4152, CVSS 7.8) that allows remote code execution. Exploitation requires user interaction: the target must open a malicious file or visit a malicious webpage. A successful attacker can execute arbitrary code on the affected system, potentially compromising the host machine and its data. Security teams should prioritize patching GIMP installations and educate users to avoid opening untrusted files or visiting suspicious websites until patches are available.

Related CVE

CVE-2026-4152
