Description

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.

INFO

Published Date :

2026-03-26T20:00:28.595Z

Last Modified :

2026-04-03T20:25:04.014Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2239 vulnerability.

Vendors Products
Gimp
  • Gimp
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2239.

URL Resource
https://access.redhat.com/security/cve/CVE-2026-2239 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2437675 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/gimp/-/issues/15812 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-2239 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-2239 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact