CVE-2026-5201 — Heap-based Buffer Overflow in Gdk-pixbuf

CWE-122 — Heap-based Buffer Overflow8 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 67.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gdk-pixbuf

Timeline

PublishedMar 31

Latest updateApr 8

Description

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶Debiangnome/gdk-pixbuf< 2.44.6+dfsg-1

🔴Vulnerability Details

OSV

CVE-2026-5201: A flaw was found in the gdk-pixbuf library↗2026-03-31

▶

CVEList

Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image↗2026-03-31

▶

GHSA

GHSA-9pr2-m366-8728: A flaw was found in the gdk-pixbuf library↗2026-03-31

▶

📋Vendor Advisories

Ubuntu

GDK-PixBuf vulnerability↗2026-04-08

▶

Red Hat

gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image↗2026-03-31

▶

Debian

CVE-2026-5201: gdk-pixbuf - A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vuln...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-5201 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶