Description
A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.
Published: 2026-04-15
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service or potential code execution
Action: Apply Workaround
AI Analysis

Impact

The flaw resides in the FITS image loader of GIMP. An attacker can supply a crafted FITS file that triggers an integer overflow, causing the code to allocate a zero‑byte buffer. When pixel data is then processed, a heap buffer overflow occurs. If this buffer overrun is successfully exploited, it can lead to a denial of service or, under certain conditions, arbitrary code execution, impacting the confidentiality, integrity, or availability of the affected system.
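The allocation pattern the analysis describes (a size computation that wraps to zero, followed by pixel writes sized from the unwrapped count) can be refused before anything is allocated. The following C is an added example, not GIMP's FITS loader: it assumes a hypothetical loader that derives its buffer size from the FITS header keywords NAXIS1, NAXIS2 and BITPIX, and shows the unchecked arithmetic beside an overflow-checked version that rejects the header instead of handing a zero-byte buffer to the pixel decoder.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Bytes per pixel for a FITS BITPIX value; 0 if BITPIX is not a standard value. */
static size_t fits_bytes_per_pixel(int bitpix)
{
    switch (bitpix) {
        case 8:             return 1;
        case 16:            return 2;
        case 32: case -32:  return 4;
        case 64: case -64:  return 8;
        default:            return 0;
    }
}

/* Unchecked 32-bit arithmetic of the kind a CWE-190 bug relies on (hypothetical,
 * not GIMP's code): 65536 x 65536 x 1 byte wraps to 0, so a malloc(0) would follow,
 * while later pixel writes are still sized from the unwrapped pixel count. */
uint32_t naive_size32(uint32_t naxis1, uint32_t naxis2, uint32_t bpp)
{
    return naxis1 * naxis2 * bpp;
}

/* Overflow-checked buffer size. Returns 0 when the header must be rejected:
 * non-positive axis, unsupported BITPIX, or a product that would wrap size_t.
 * Every accepted factor is > 0 and no wrap occurred, so a non-zero result is
 * exact and callers can treat 0 as "do not allocate". */
size_t fits_checked_size(int64_t naxis1, int64_t naxis2, int bitpix)
{
    size_t bpp = fits_bytes_per_pixel(bitpix);
    if (bpp == 0 || naxis1 <= 0 || naxis2 <= 0)
        return 0;
    /* Guard the int64 -> size_t conversion itself on targets with a narrower size_t. */
    if ((uint64_t)naxis1 > SIZE_MAX || (uint64_t)naxis2 > SIZE_MAX)
        return 0;
    size_t pixels, total;
    /* __builtin_mul_overflow (GCC/Clang) reports wrap-around instead of truncating. */
    if (__builtin_mul_overflow((size_t)naxis1, (size_t)naxis2, &pixels))
        return 0;
    if (__builtin_mul_overflow(pixels, bpp, &total))
        return 0;
    return total;
}

/* Allocate pixel storage only after validation; NULL means the header was rejected. */
unsigned char *fits_alloc_pixels(int64_t naxis1, int64_t naxis2, int bitpix, size_t *len)
{
    size_t n = fits_checked_size(naxis1, naxis2, bitpix);
    if (n == 0) return NULL;
    *len = n;
    return malloc(n);
}
```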

Affected Systems

Red Hat Enterprise Linux 6, 7, 8, and 9 platforms that have the GIMP package installed are affected. The vulnerability is limited to the GIMP application itself and does not directly involve the underlying operating system components.

Risk and Exploitability

The CVSS base score is 5.5, indicating moderate severity. EPSS is not available, and the issue is not listed in CISA’s KEV catalog. Because exploitation requires the attacker to deliver a malicious FITS file to a user running GIMP, the likely attack vector is local: the file must reach the victim through a remote delivery channel or a compromised or malicious client and then be opened. Successful exploitation would require the attacker to be able to launch GIMP or have the victim open the file, after which the heap overflow could crash the program or potentially allow code execution.

Generated by OpenCVE AI on April 16, 2026 at 02:28 UTC.

Remediation

Vendor Workaround

Users should avoid opening untrusted FITS image files with GIMP. If GIMP is not required, consider removing the `gimp` package to eliminate the attack surface. This can be done using the system's package manager, for example: `sudo dnf remove gimp`. Removing GIMP may impact other applications that depend on it.


OpenCVE Recommended Actions

  • Avoid opening untrusted FITS files in GIMP.
  • If GIMP is not required, uninstall the gimp package using the system’s package manager (e.g., `sudo dnf remove gimp` on RHEL 8/9 or `sudo yum remove gimp` on RHEL 6/7).
  • Restrict access to the GIMP executable or configure sandboxing to limit its privileges until a patch is available.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 00:15:00 +0000

Type: References
Type: Metrics (threat_severity)
Values Removed: None
Values Added: Moderate


Wed, 15 Apr 2026 20:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Apr 2026 19:30:00 +0000

Type: Description
Values Added: A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.
Type: Title
Values Added: Gimp: gimp: heap buffer overflow due to integer overflow in fits image loader
Type: First Time appeared
Values Added: Redhat; Redhat enterprise Linux
Type: Weaknesses
Values Added: CWE-190
Type: CPEs
Values Added:
  cpe:/o:redhat:enterprise_linux:6
  cpe:/o:redhat:enterprise_linux:7
  cpe:/o:redhat:enterprise_linux:8
  cpe:/o:redhat:enterprise_linux:9
Type: Vendors & Products
Values Added: Redhat; Redhat enterprise Linux
Type: References
Type: Metrics (cvssV3_1)
Values Added: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-15T19:32:55.287Z

Reserved: 2026-04-15T18:38:30.106Z

Link: CVE-2026-40915

Vulnrichment

Updated: 2026-04-15T19:32:50.839Z

NVD

Status: Received

Published: 2026-04-15T20:16:36.717

Modified: 2026-04-15T20:16:36.717

Link: CVE-2026-40915

Redhat

Severity: Moderate

Public Date: 2026-04-15T18:41:45Z

Links: CVE-2026-40915 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T02:30:21Z

Weaknesses