Heap Buffer Over-Read Vulnerability in GIMP Affecting Various Systems
CVE-2026-40917

5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-40917?

A vulnerability exists in GIMP related to a heap buffer over-read in the icns_slurp() function, triggered by processing specifically crafted ICNS image files. Attackers could exploit this flaw by providing a malicious ICNS file, which may result in application crashes or unintended information disclosure on the systems that handle such files.

References

https://access.redhat.com/security/cve/CVE-2026-40917

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2458746

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

Red Hat would like to thank Mehtab Zafar for reporting this issue.

CVE-2026-40917 Data

JSON