CVE-2026-4151
DOCUMENTATION: A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI (Animated Cursor) file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of user-supplied data before memory allocation. Successful exploitation could allow an attacker to execute arbitrary code on the affected system with the privileges of the current user.
STATEMENT: Important: This flaw in GIMP allows for remote code execution due to an integer overflow when parsing specially crafted ANI (Animated Cursor) files. Exploitation requires user interaction, specifically opening a malicious ANI file or visiting a malicious web page. Red Hat users are affected if they process untrusted ANI files with GIMP.
MITIGATION: To mitigate this issue, users should avoid opening untrusted ANI (Animated Cursor) files and avoid visiting untrusted web pages. The vulnerability relies on user interaction to trigger the flaw; therefore, refraining from interacting with untrusted content will prevent exploitation.
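The bug class named in the DOCUMENTATION field, as an added C example that is not GIMP's code and not taken from the advisory: a 32-bit size computation that wraps, next to a version that validates the count before any allocation. The `anih` header layout (36 bytes, `nSteps` at offset 8) is the commonly documented ANI format, and using `nSteps` as the untrusted count is an assumption, since the advisory does not say which field is involved; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: the commonly documented 36-byte ANI "anih" header. */
#define ANIH_SIZE 36u
#define ANIH_NSTEPS_OFF 8u /* nSteps is used here for illustration only */

/* Read a little-endian 32-bit value from untrusted file bytes. */
static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Weak pattern: the 32-bit multiply wraps, yielding a too-small size. */
static uint32_t table_size_unchecked(uint32_t n_steps)
{
    return n_steps * (uint32_t)sizeof(uint32_t);
}

/* Hardened: returns 0 and sets *out, or -1 when the count is zero, the
 * product would wrap 32 bits, or the table cannot fit in the bytes left. */
static int table_size_checked(uint32_t n_steps, size_t remaining, size_t *out)
{
    if (n_steps == 0 || n_steps > UINT32_MAX / sizeof(uint32_t))
        return -1;
    size_t need = (size_t)n_steps * sizeof(uint32_t);
    if (need > remaining)
        return -1;
    *out = need;
    return 0;
}

/* Validate the per-step table size claimed by an "anih" header.
 * hdr_len: bytes available for the header; remaining: bytes after it. */
static int ani_step_table_size(const unsigned char *hdr, size_t hdr_len,
                               size_t remaining, size_t *out)
{
    if (hdr_len < ANIH_SIZE || rd32(hdr) != ANIH_SIZE)
        return -1;
    return table_size_checked(rd32(hdr + ANIH_NSTEPS_OFF), remaining, out);
}

int main(void)
{
    /* Constructed header: cbSize = 36, nSteps = 0x40000001, rest zero. */
    unsigned char hdr[ANIH_SIZE] = { 36, 0, 0, 0, 0, 0, 0, 0, 0x01, 0, 0, 0x40 };
    size_t need = 0;
    printf("unchecked=%u checked=%d\n",
           (unsigned)table_size_unchecked(rd32(hdr + ANIH_NSTEPS_OFF)),
           ani_step_table_size(hdr, sizeof hdr, 4096, &need));
    return 0;
}
```

The checked path rejects a count before multiplying and also bounds the result by the bytes actually remaining in the file, so a header cannot claim more data than the file holds.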
References
https://access.redhat.com/security/cve/CVE-2026-4151
