CVE-2026-5201
published 2026-03-31CVE-2026-5201: A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gdk-pixbuf | < gdk-pixbuf 2.44.6+dfsg-1 (forky) | gdk-pixbuf 2.44.6+dfsg-1 (forky) |
| gnome | gdk-pixbuf | >= 0 < 2.44.6+dfsg-1 | 2.44.6+dfsg-1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH