Description
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.
Published: 2026-02-20
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

A flaw in the parsing of ICNS files allows an attacker to cause a heap-based buffer overflow by supplying an element whose declared length is not validated before its data is copied into a heap buffer. The result is arbitrary code execution in the context of the GIMP process. The weakness is an incorrect buffer-size calculation (CWE-131) that leads to an out-of-bounds write on the heap (CWE-122, CWE-787). Because the code runs with the privileges of the user who opened the file, the direct impact is compromise of that user's account and data; taking over the machine would require a separate privilege-escalation step.
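The bound that the advisory says is missing, shown as an added illustration: this is not GIMP's code and not the faulty routine (the record does not show it), but a minimal walker over the public ICNS layout assumed here ('icns' magic, big-endian total length, then elements of 4-byte type plus big-endian length that counts its own 8-byte header). `icns_validate` rejects any element whose declared length exceeds the bytes actually present, and `icns_extract` sizes its heap buffer only from a validated length. The two sample blobs are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ICNS stores every length big-endian. */
static uint32_t rd32be(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* File header ('icns' + total length) and element header (type + length)
 * are both 8 bytes; an element's length field includes its own header. */
#define ICNS_HDR 8u

/*
 * Check that the container length and every element length are consistent
 * with the bytes actually held. Returns 0 if so, -1 otherwise; when bad_off
 * is non-NULL it receives the offset of the first field that failed.
 */
int icns_validate(const uint8_t *buf, size_t len, size_t *bad_off)
{
    uint32_t total, elen;
    size_t off, bad = 0;
    int ok = 0;

    if (len < ICNS_HDR || memcmp(buf, "icns", 4) != 0) {
        bad = 0;                                   /* not an ICNS blob */
    } else if ((total = rd32be(buf + 4)) < ICNS_HDR || total > len) {
        bad = 4;                                   /* header claims more bytes than we hold */
    } else {
        ok = 1;
        for (off = ICNS_HDR; off < total; off += elen) {
            if (total - off < ICNS_HDR) { ok = 0; bad = off; break; }  /* truncated element header */
            elen = rd32be(buf + off + 4);
            /* elen must fit in what remains: this is the comparison a parser
             * has to make before it allocates or copies from the field. */
            if (elen < ICNS_HDR || elen > total - off) { ok = 0; bad = off; break; }
        }
    }
    if (!ok && bad_off) *bad_off = bad;
    return ok ? 0 : -1;
}

/* -1 if the blob validates, else the offset of the first inconsistent field. */
long icns_bad_offset(const uint8_t *buf, size_t len)
{
    size_t bad;
    return icns_validate(buf, len, &bad) == 0 ? -1 : (long)bad;
}

/*
 * Copy the payload of the first element of the given 4-char type into a heap
 * buffer sized from the validated length. Returns NULL (and *out_len = 0) if
 * validation fails or the type is absent. The caller frees the result.
 */
uint8_t *icns_extract(const uint8_t *buf, size_t len, const char *type, size_t *out_len)
{
    uint32_t total, elen;
    size_t off;
    *out_len = 0;
    if (icns_validate(buf, len, NULL) != 0) return NULL;
    total = rd32be(buf + 4);
    for (off = ICNS_HDR; off < total; off += elen) {
        elen = rd32be(buf + off + 4);
        if (memcmp(buf + off, type, 4) == 0) {
            size_t n = elen - ICNS_HDR;            /* bounded by icns_validate() */
            uint8_t *out = malloc(n ? n : 1);
            if (!out) return NULL;
            memcpy(out, buf + off + ICNS_HDR, n);
            *out_len = n;
            return out;
        }
    }
    return NULL;
}

/* Payload length of the first element of a type, or -1 if rejected/missing. */
long icns_payload_len(const uint8_t *buf, size_t len, const char *type)
{
    size_t n;
    uint8_t *p = icns_extract(buf, len, type, &n);
    if (!p) return -1;
    free(p);
    return (long)n;
}

/* Constructed 20-byte sample: one 'ic07' element carrying a 4-byte payload. */
const uint8_t GOOD_ICNS[20] = {
    'i','c','n','s', 0,0,0,20,
    'i','c','0','7', 0,0,0,12,
    0xDE,0xAD,0xBE,0xEF
};

/* Constructed sample: identical, but the element declares 0x1000 bytes the
 * blob does not contain. A loader that sizes or fills a heap buffer from that
 * field without comparing it to the bytes remaining has the defect class the
 * advisory describes. */
const uint8_t BAD_ICNS[20] = {
    'i','c','n','s', 0,0,0,20,
    'i','c','0','7', 0,0,0x10,0,
    0xDE,0xAD,0xBE,0xEF
};

int main(void)
{
    printf("good: validate=%d payload_len=%ld\n",
           icns_validate(GOOD_ICNS, sizeof GOOD_ICNS, NULL),
           icns_payload_len(GOOD_ICNS, sizeof GOOD_ICNS, "ic07"));
    printf("bad: first inconsistent field at offset %ld\n",
           icns_bad_offset(BAD_ICNS, sizeof BAD_ICNS));
    return 0;
}
```

The same `icns_validate` applied to the first bytes of a file on disk also tells you whether the file is ICNS data at all, independent of its extension, which matters because GIMP picks its import plug-in from file content as well as the file name.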

Affected Systems

The CNA record identifies GIMP 3.0.6 (CPE cpe:2.3:a:gimp:gimp:3.0.6:*:*:*:*:*:*:*) as affected. Only that version is enumerated; the record does not state that other releases are unaffected, so treat any GIMP build that ships the ICNS import plug-in as in scope until the vendor or your distribution confirms a fixed version.

Risk and Exploitability

The CVSS score of 7.8 (High) reflects the recorded vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: local attack vector, no privileges required, user interaction required, and full impact on confidentiality, integrity and availability. The EPSS score below 1% suggests a low but non-zero probability of exploitation in the wild; the vulnerability is not in the CISA KEV catalog, and the SSVC assessment records Exploitation: none and Automatable: no. In practice the attacker must get the victim to open a crafted ICNS file in GIMP, whether delivered by email, download, or a link on a web page. The "remote" in the ZDI title describes the attacker's position, not a network-reachable service, which is why the vector is scored Local. Successful exploitation yields code execution with the current user's privileges.

Generated by OpenCVE AI on April 18, 2026 at 11:23 UTC.

Remediation

The CNA record lists no vendor fix or workaround. A Debian security update (DSA-6156-1, listed under Advisories below) exists; check your distribution's advisory for the package version that carries the fix.

OpenCVE Recommended Actions

  • Update GIMP to a release that the vendor or your distribution identifies as fixed. The CNA record names 3.0.6 as affected and does not name a fixed version; Debian users should apply DSA-6156-1.
  • Until a patch is applied, prevent GIMP from loading ICNS data from untrusted sources. The ICNS loader is a separate file plug-in, so removing or denying execute permission on that plug-in binary under GIMP's plug-ins directory disables the format (the exact path depends on the build and distribution).
  • Do not rely on the .icns extension alone as a filter: GIMP selects an import plug-in from file content as well as the file name, so treat any image from an unknown or untrusted source as potentially ICNS data until GIMP is updated.


Advisories
Source       ID           Title
Debian DSA   DSA-6156-1   gimp security update
History

Wed, 25 Feb 2026 07:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Feb 2026 21:45:00 +0000

Type         Values Removed   Values Added
Weaknesses                    CWE-787
CPEs                          cpe:2.3:a:gimp:gimp:3.0.6:*:*:*:*:*:*:*

Mon, 23 Feb 2026 15:00:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Gimp; Gimp gimp
Vendors & Products                     Gimp; Gimp gimp

Sat, 21 Feb 2026 12:15:00 +0000

Type         Values Removed          Values Added
Weaknesses                           CWE-131
References
Metrics      threat_severity: None   cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; threat_severity: Important


Fri, 20 Feb 2026 22:30:00 +0000

Type          Values Removed   Values Added
Description                    GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.
Title                          GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Weaknesses                     CWE-122
References
Metrics                        cvssV3_0: {'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-02-26T14:44:12.360Z

Reserved: 2026-02-06T01:16:39.038Z

Link: CVE-2026-2047

Vulnrichment

Updated: 2026-02-23T18:21:01.952Z

NVD

Status : Analyzed

Published: 2026-02-20T23:16:05.003

Modified: 2026-02-24T21:41:07.567

Link: CVE-2026-2047

Redhat

Severity : Important

Public Date: 2026-02-20T22:23:41Z

Links: CVE-2026-2047 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T11:30:44Z

Weaknesses