Description
GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901.
Published: 2026-04-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An integer overflow occurs in GIMP’s parser when handling XPM files, leading to an attacker being able to execute arbitrary code within the GIMP process. The flaw arises from unvalidated user data being used to calculate a buffer size before allocation. The identified weakness is an integer overflow (CWE‑190).

Affected Systems

The vulnerability is documented for GIMP version 3.0.8, as indicated by the Common Platform Enumeration string. No other versions are explicitly mentioned in the advisory, so only this release is confirmed to be affected.

Risk and Exploitability

The CVSS score of 7.8 denotes a high severity vulnerability, while the EPSS score of less than 1% suggests exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires user interaction; an attacker must prompt a user to open a malicious XPM file or visit a page that triggers the vulnerable parser. Successful exploitation would give the attacker full control of the GIMP process.

Generated by OpenCVE AI on April 14, 2026 at 21:52 UTC.
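To make the CWE-190 pattern described above concrete, the following C sketch is an added illustration (not GIMP's code and not the patch): it places an unchecked 32-bit size calculation from XPM header fields beside a hardened form that detects overflow on every multiplication and caps the result. The function names, the dimension and byte limits, and the header values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limits for this illustration (not GIMP's values). */
#define XPM_MAX_DIMENSION   (1u << 16)          /* 65536 px per side   */
#define XPM_MAX_PIXEL_BYTES ((size_t)256 << 20) /* 256 MiB for one row buffer set */

/* Unchecked form: width * height * cpp evaluated in 32-bit arithmetic.
 * XPM pixel rows are strings of width * cpp characters (cpp = chars per
 * pixel from the header). With hostile header values the product wraps,
 * so the parser allocates far less than the data it later copies in.
 * Shown only to make the wrap visible. */
uint32_t xpm_size_unchecked(uint32_t width, uint32_t height, uint32_t cpp)
{
    return width * height * cpp;
}

/* Hardened form: reject zero or oversized fields, detect overflow on each
 * multiplication, and cap the final byte count. Returns 0 on rejection;
 * 0 is never a valid size here because every factor must be >= 1. */
size_t xpm_size_checked(uint32_t width, uint32_t height, uint32_t cpp)
{
    if (width == 0 || height == 0 || cpp == 0) return 0;
    if (width > XPM_MAX_DIMENSION || height > XPM_MAX_DIMENSION) return 0;

    size_t row, total;
    /* __builtin_mul_overflow (GCC/Clang) reports a wrapped product. */
    if (__builtin_mul_overflow((size_t)width, (size_t)cpp, &row)) return 0;
    if (__builtin_mul_overflow(row, (size_t)height, &total)) return 0;
    if (total > XPM_MAX_PIXEL_BYTES) return 0;
    return total;
}

int main(void)
{
    /* Constructed header values: a normal image and a hostile one. */
    printf("640x480 cpp=1: unchecked=%u checked=%zu\n",
           xpm_size_unchecked(640, 480, 1), xpm_size_checked(640, 480, 1));
    printf("65536x65536 cpp=1: unchecked=%u checked=%zu\n",
           xpm_size_unchecked(65536, 65536, 1),
           xpm_size_checked(65536, 65536, 1));
    return 0;
}
```

The hostile header makes the unchecked product wrap to 0 while the checked version refuses it; a parser that allocates from the wrapped value is exactly the undersized-buffer condition the advisory describes.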

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest GIMP release that contains the XPM parser patch.
  • Verify that the update has been applied by checking the application’s version number.
  • Until the update is installed, avoid opening XPM files from untrusted or unknown sources.

Generated by OpenCVE AI on April 14, 2026 at 21:52 UTC.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 19:45:00 +0000

CPEs (values added): cpe:2.3:a:gimp:gimp:3.0.8:*:*:*:*:*:*:*

Mon, 13 Apr 2026 19:15:00 +0000

Metrics (values added): ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 13:00:00 +0000

First Time appeared (values added): Gimp; Gimp gimp
Vendors & Products (values added): Gimp; Gimp gimp

Mon, 13 Apr 2026 12:15:00 +0000

References: (no values listed)
Metrics (values removed): threat_severity: None
Metrics (values added): cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
Metrics (values added): threat_severity: Important


Sat, 11 Apr 2026 01:00:00 +0000

Description (values added): GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901.
Title (values added): GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
Weaknesses (values added): CWE-190
References: (no values listed)
Metrics (values added): cvssV3_0: {'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: zdi

Published:

Updated: 2026-04-14T03:55:54.921Z

Reserved: 2026-03-13T20:33:06.755Z

Link: CVE-2026-4154

Vulnrichment

Updated: 2026-04-13T18:24:11.523Z

NVD

Status : Analyzed

Published: 2026-04-11T01:16:17.093

Modified: 2026-04-14T19:33:09.423

Link: CVE-2026-4154

Red Hat

Severity : Important

Public Date: 2026-04-11T00:16:10Z

Links: CVE-2026-4154 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses