Description
A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.
Published: 2026-03-26
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Application crash due to memory corruption)
Action: Assess Impact
AI Analysis

Impact

An integer overflow in GIMP's ICO file parsing routines allows an attacker to supply a specially crafted ICO image that overflows a memory buffer, corrupting memory and causing the application to crash. This flaw, identified as CWE‑190, results in application‑level denial of service but does not provide direct code execution or privilege escalation.

Affected Systems

Systems affected are Red Hat Enterprise Linux distributions 6 through 9 that run GIMP 3.0.6. The vulnerability is tied to the GIMP 3.0.6 package shipped with those RHEL releases. No other GIMP versions are listed as affected.

Risk and Exploitability

The CVSS base score of 4.3 indicates a low impact, and the EPSS score is below 1 %, suggesting a low likelihood of widespread exploitation. The flaw is not listed in the CISA KEV catalog. Exploitability is remote and requires an attacker to deliver a malicious ICO file to a vulnerable GIMP installation; successful exploitation results in a crash but no known privilege escalation or data leakage.

Generated by OpenCVE AI on April 16, 2026 at 02:41 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

  • Configure file policies to block or flag the loading of ICO image files from untrusted paths or sources when using GIMP.
  • Deploy monitoring to capture GIMP crashes and alert administrators for immediate incident response.
  • When GNOME releases a corrected GIMP version, upgrade the package on all affected systems as soon as possible.
  • No CNA-provided workaround is available; rely on the official patch to mitigate this vulnerability.

Generated by OpenCVE AI on April 16, 2026 at 02:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4483-1 gimp security update
Debian DSA Debian DSA DSA-6139-1 gimp security update
History

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gimp:gimp:3.0.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

Fri, 27 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
References

Thu, 26 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.
Title gimp: GIMP: Memory corruption due to integer overflow in ICO file handling Gimp: gimp: memory corruption due to integer overflow in ico file handling
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Gimp
Gimp gimp
Vendors & Products Gimp
Gimp gimp

Wed, 11 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title gimp: GIMP: Memory corruption due to integer overflow in ICO file handling
Weaknesses CWE-190
References
Metrics threat_severity

None

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}

threat_severity

Moderate

Subscriptions

Gimp Gimp
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-03T20:25:02.286Z

Reserved: 2026-02-10T09:33:41.080Z

Link: CVE-2026-2272

cve-icon Vulnrichment

Updated: 2026-03-27T13:43:50.671Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T21:17:04.907

Modified: 2026-04-03T20:17:54.493

Link: CVE-2026-2272

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-10T09:09:00Z

Links: CVE-2026-2272 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T02:45:06Z

Weaknesses