Denial of Service Vulnerability in GIMP Software by Red Hat
CVE-2026-40918

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-40918?

A significant vulnerability has been discovered in GIMP, specifically in the handling of specially crafted PVR image files. When processing these large-dimensional files, a stack-based buffer overflow may occur, resulting in an out-of-bounds read in the image loader. This flaw ultimately leads to a denial of service, causing the application to crash. Systems utilizing GIMP to process untrusted PVR image files are particularly susceptible to this issue, highlighting the importance of exercising caution when handling such files.

References

https://access.redhat.com/security/cve/CVE-2026-40918

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2458747

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

Red Hat would like to thank Mehtab Zafar for reporting this issue.

CVE-2026-40918 Data

JSON