Description
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.
Published: 2026-02-20
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw in GIMP’s parsing of XWD files allows an out‑of‑bounds write when processing a malicious file. The lack of proper validation of the file data enables the attacker to overwrite memory beyond the intended buffer, giving control over the program’s execution flow. An attacker who successfully exploits the vulnerability can run arbitrary code with the same privileges as the GIMP process.

Affected Systems

The vulnerability affects the GIMP application, specifically version 3.0.6 and related builds; the flaw resides in the XWD file handler, and other formats or components are not impacted.

Risk and Exploitability

The CVSS base score of 7.3 reflects a high risk assessment, while the EPSS score of less than 1% indicates a low likelihood of current exploitation. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires user interaction; an attacker must entice a user to open a malicious XWD file or have the file imported through malicious content on a web page. Given the remote code execution potential, administrators should consider the severity high enough to warrant immediate patching.

Generated by OpenCVE AI on April 18, 2026 at 11:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update GIMP to the latest patched release that addresses the buffer overflow in XWD file parsing.
  • If a patch is not immediately available, disable or block the XWD file format in GIMP, preventing the parsing routine from executing.
  • Configure host or application firewalls to limit exposure by blocking untrusted file downloads and employing sandboxing or application whitelisting when running GIMP.

Generated by OpenCVE AI on April 18, 2026 at 11:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4500-1 gimp security updat
Debian DSA Debian DSA DSA-6156-1 gimp security update
History

Tue, 24 Feb 2026 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gimp:gimp:3.0.6:*:*:*:*:*:*:*

Tue, 24 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Gimp
Gimp gimp
Vendors & Products Gimp
Gimp gimp

Sat, 21 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important

Fri, 20 Feb 2026 22:30:00 +0000

Type Values Removed Values Added
Description GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.
Title GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Weaknesses CWE-787
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Gimp Gimp
cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-02-26T14:44:12.503Z

Reserved: 2026-02-06T01:16:18.260Z

Link: CVE-2026-2045

cve-icon Vulnrichment

Updated: 2026-02-23T18:20:47.515Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-20T23:16:04.847

Modified: 2026-02-24T21:41:19.147

Link: CVE-2026-2045

cve-icon Redhat

Severity : Important

Publid Date: 2026-02-20T22:23:32Z

Links: CVE-2026-2045 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T11:30:44Z

Weaknesses