Heap-Based Buffer Overflow in gdk-pixbuf Library Impacting JPEG Image Processing
CVE-2026-5201

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 10.0 Extended Update Support; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 31 March 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-5201?

A flaw exists within the gdk-pixbuf library that leads to a heap-based buffer overflow specifically in the JPEG image loader. This vulnerability arises due to insufficient validation of color component counts when handling specially crafted JPEG images. Attackers can exploit this vulnerability remotely without requiring any user interaction, notably through mechanisms like thumbnail generation. If successfully exploited, this flaw can result in application crashes and create denial of service (DoS) conditions, exposing users and systems to risks.

Affected Version(s)

Red Hat Enterprise Linux 10 0:2.42.12-4.el10_1.5

Red Hat Enterprise Linux 10.0 Extended Update Support 0:2.42.12-4.el10_0.4

Red Hat Enterprise Linux 7 Extended Lifecycle Support 0:2.36.12-5.el7_9

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-5201
Created by kagancapar