CVE-2026-40915
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-190: Integer Overflow or Wraparound
Workarounds
Users should avoid opening untrusted FITS image files with GIMP. If GIMP is not required, consider removing the gimp package to eliminate the attack surface. This can be done using the system's package manager, for example: sudo dnf remove gimp. Removing GIMP may impact other applications that depend on it.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/security/cve/CVE-2026-40915
- https://bugzilla.redhat.com/show_bug.cgi?id=2458744
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.