Remote Code Execution Vulnerability in GIMP Affected by PSD File Parsing Flaw
CVE-2026-4150

7.8HIGH

Key Information:

Vendor: Gimp
Status: Gimp
Vendor: CVE Published:; 11 April 2026

What is CVE-2026-4150?

A vulnerability exists in the GIMP application related to the parsing of PSD files, allowing remote attackers to execute arbitrary code. This issue arises due to improper validation of user-supplied data, leading to an integer overflow that can occur during buffer allocation. Attackers can exploit this flaw by luring users into visiting malicious pages or opening crafted files, executing code within the context of the affected process. Awareness and updates are crucial for users to protect against such vulnerabilities.

Affected Version(s)

GIMP 3.0.8

References

https://www.zerodayinitiative.com/advisories/ZDI-26-217/

x_research-advisory

https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb...

vendor-advisory

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2026
Vulnerability Reserved
Mar 13, 2026

CVE-2026-4150 Data

JSON

Gimp

What is CVE-2026-4150?

Affected Version(s)

References

CVSS V3.0

Timeline