CVE-2026-40918
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-131: Incorrect Calculation of Buffer Size
Workarounds
To reduce the risk associated with this vulnerability, avoid processing untrusted PVR image files. Users should exercise caution when opening PVR files from unknown or suspicious sources. If the PVR image loader is part of an application that processes untrusted content, consider running that application in a sandboxed environment to limit potential impact.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/security/cve/CVE-2026-40918
- https://bugzilla.redhat.com/show_bug.cgi?id=2458747
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.