CVE-2026-2272

CWE-190: Integer Overflow (7 documents, 7 sources)
Severity: 6.5 MEDIUM
EPSS: 0.1% (top 75.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 26

Description

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an app

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

Debian: gimp < 2.10.22-4+deb11u6+3
NVD: gimp/gimp 3.0.6

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0

🔴 Vulnerability Details (3)

OSV: CVE-2026-2272: A flaw was found in GIMP (2026-03-26)
GHSA: GHSA-8g7q-m2xj-67ch: A flaw was found in GIMP (2026-03-26)
CVEList: Gimp: gimp: memory corruption due to integer overflow in ico file handling (2026-03-26)

📋 Vendor Advisories (2)

Red Hat: gimp: GIMP: Memory corruption due to integer overflow in ICO file handling (2026-02-10)
Debian: CVE-2026-2272: gimp - A flaw was found in GIMP. An integer overflow vulnerability exists when processi... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-2272 Impact, Exploitability, and Mitigation Steps | Wiz