CVE-2026-2239

Name
CVE-2026-2239
Description
A flaw was found in GIMP. A heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application-level Denial of Service.
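As an added illustration that is not GIMP's code and not part of this tracker entry, the following hypothetical C reader shows the two checks the description implies for a PSD Pascal string (one length byte followed by that many bytes, no terminator stored in the file): the declared length must fit the remaining input, and the copy must be NUL-terminated before strlen() is ever applied to it. The function names, the in-memory buffer interface and the sample bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bounds-checked reader for a PSD Pascal string (one length byte
 * followed by that many bytes, with no terminator stored in the file). This is
 * a constructed illustration, not GIMP's fread_pascal_string(). It returns a
 * freshly allocated, NUL-terminated copy and advances *pos past the string, or
 * returns NULL without touching *pos if the data is truncated. */
char *read_pascal_string(const uint8_t *buf, size_t buflen, size_t *pos)
{
    if (*pos >= buflen)
        return NULL;                 /* not even the length byte is present */
    size_t len = buf[*pos];
    if (len > buflen - *pos - 1)
        return NULL;                 /* declared length runs past the input */

    /* The defect the advisory describes: allocating exactly len bytes, copying
     * the raw bytes and then calling strlen() reads past the allocation
     * because no terminator was ever written. Allocate len + 1 and terminate. */
    char *s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, buf + *pos + 1, len);
    s[len] = '\0';
    *pos += 1 + len;
    return s;
}

/* Reads consecutive Pascal strings until the input ends or a string is
 * truncated; returns how many were read. The caller frees the strings. */
size_t read_pascal_strings(const uint8_t *buf, size_t buflen,
                           char *out[], size_t max_out)
{
    size_t pos = 0, n = 0;
    while (n < max_out && pos < buflen) {
        char *s = read_pascal_string(buf, buflen, &pos);
        if (s == NULL)
            break;                   /* truncated: stop rather than read past the end */
        out[n++] = s;
    }
    return n;
}

/* Constructed sample, not taken from a real PSD file: "abc", "hello", then a
 * string that declares 4 bytes while only 2 remain in the input. */
const uint8_t sample_data[] = { 3,'a','b','c', 5,'h','e','l','l','o', 4,'x','y' };
const size_t sample_len = sizeof sample_data;
```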
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2026-2239
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2437675
secalert@redhat.com https://gitlab.gnome.org/GNOME/gimp/-/issues/15812

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gimp:gimp:3.2.0:rc3:*:*:*:*:*:* gimp == None == 3.2.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* enterprise_linux == None == 7.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* enterprise_linux == None == 8.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* enterprise_linux == None == 9.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gimp edge-community 3.2.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable