Vulnerability DatabaseCVE-2026-2272
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-2272
Published:March 26, 2026
Updated:April 23, 2026
A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the "ico_read_info" and "ico_read_icon" functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.
Affected Packages
https://github.com/GNOME/gimp.git (GITHUB):
Affected version(s) >=gimp <GIMP_3_0_8
Fix Suggestion:
Update to version GIMP_3_0_8
Related Resources (3)
https://gitlab.gnome.org/GNOME/gimp/-/issues/15617
https://access.redhat.com/security/cve/CVE-2026-2272
https://bugzilla.redhat.com/show_bug.cgi?id=2438428
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
Integer Overflow or Wraparound
CWE-190
EPSS
Base Score:
0.08