CVE-2026-2239

CWE-170
7 documents, 7 sources
Severity: 6.5 MEDIUM
EPSS: 0.0% (top 93.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 26

Description

A flaw was found in GIMP. A heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. It occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called on it. Successful exploitation can crash the application, resulting in an application-level denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Exploitability: 1.3 | Impact: 1.4

Affected Packages (2 packages)

Debian: gimp < 2.10.22-4+deb11u6+3
NVD: gimp/gimp 3.2.0

Also affects: Enterprise Linux 7.0, 8.0, 9.0

Vulnerability Details (3)

GHSA: GHSA-pjv8-58qr-6mxx: A flaw was found in GIMP (2026-03-26)
OSV: CVE-2026-2239: A flaw was found in GIMP (2026-03-26)
CVEList: Gimp: gimp: application crash (DoS) via crafted PSD file due to heap-buffer-overflow (2026-03-26)

Vendor Advisories (2)

Red Hat: gimp: GIMP: Application crash (DoS) via crafted PSD file due to heap-buffer-overflow (2026-02-09)
Debian: CVE-2026-2239: gimp - A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread... (2026)

Threat Intelligence (1)

Wiz: CVE-2026-2239 Impact, Exploitability, and Mitigation Steps | Wiz