Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-2272

Опубликовано: 10 фев. 2026
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the ico_read_info and ico_read_icon functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.

Отчет

This MODERATE impact flaw in GIMP allows a remote attacker to cause an application denial of service. The vulnerability occurs due to an integer overflow when processing specially crafted ICO image files, leading to memory corruption. User interaction is required for exploitation, as a malicious ICO file must be opened by the GIMP application.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6gimpOut of support scope
Red Hat Enterprise Linux 7gimpFix deferred
Red Hat Enterprise Linux 8gimp:2.8/gimpFix deferred
Red Hat Enterprise Linux 9gimpFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2438428gimp: GIMP: Memory corruption due to integer overflow in ICO file handling

EPSS

Процентиль: 18%
0.00058
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-2272

ubuntu
около 2 месяцев назад

[ICO import integer overflow bypass leads to heap buffer overflow]

debian логотип

CVE-2026-2272

debian

[ICO import integer overflow bypass leads to heap buffer overflow]

github логотип

GHSA-8g7q-m2xj-67ch

CVSS3: 4.3
github
4 дня назад

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.

suse-cvrf логотип

SUSE-SU-2026:0604-1

suse-cvrf
около 1 месяца назад

Security update for gimp

EPSS

Процентиль: 18%
0.00058
Низкий

4.3 Medium

CVSS3