CVE-2026-2239

← CVEs

LOW 2.8

Published

2026-03-26

Last Modified

2026-04-03

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.

Affected Applications in Environment 3

GIMP v3.2.0.0

6 devices

gimp v2.10.36-3ubuntu0.24.04.1

1 device

gimp v2.10.18-1ubuntu0.1

1 device

Affected Devices 8

DPHSNG-LTSTRING Windows ENGL-RBW401-D08 Windows SWC-03 Windows SWC-06 Windows SWC-07 Windows SWC-08 Windows flexnet Linux kmlab Linux

References 3

https://access.redhat.com/security/cve/CVE-2026-2239
https://bugzilla.redhat.com/show_bug.cgi?id=2437675
https://gitlab.gnome.org/GNOME/gimp/-/issues/15812