CVE-2026-4152
DOCUMENTATION: A flaw was found in GIMP. A remote attacker could exploit this by tricking a user into opening a specially crafted JP2 (JPEG 2000) file. This flaw is due to a heap-based buffer overflow during JP2 file parsing, which allows for arbitrary code execution. Successful exploitation enables the attacker to execute code in the context of the current process.
STATEMENT: This is an Important vulnerability in GIMP that could lead to arbitrary code execution. The flaw is a heap-based buffer overflow in the JP2 file parsing component. Exploitation requires user interaction, where a victim must open a specially crafted malicious JP2 file.
MITIGATION: To mitigate this issue, users should avoid opening JP2 (JPEG 2000) files from untrusted sources in GIMP. If GIMP is not required, consider removing the gimp package to eliminate the attack surface. For systems where GIMP is necessary, running the application within a sandboxed environment can limit the potential impact of successful exploitation. Removing this package may affect other applications that depend on GIMP.
Package Versions Affected
Automatically patch vulnerabilities without upgrading
CVSS Version
Related Resources
References
https://access.redhat.com/security/cve/CVE-2026-4152
Basic Information
