Out-Of-Bounds Write Vulnerability in GIMP by GNOME
CVE-2026-2048

7.8 HIGH

Key Information:

Vendor: Gimp

Status
Vendor
CVE Published: 20 February 2026

What is CVE-2026-2048?

A vulnerability in GIMP allows remote attackers to execute arbitrary code due to improper validation during XWD file parsing. This flaw can lead to writing beyond allocated memory buffers, potentially compromising the affected system when a user opens a malicious file or visits a harmful web page. Exploitation of this vulnerability requires user interaction, necessitating caution when handling untrusted files or links.

Affected Version(s)

GIMP 3.2.0-RC1

CVSS V3.0

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved