CVE-2026-2044
Uninitialized Memory RCE in GIMP PGM File Parsing
Publication date: 2026-02-20
Last updated on: 2026-02-24
Assigner: Zero Day Initiative
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gimp | gimp | 3.0.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-908 | The product uses or accesses a resource that has not been initialized. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GIMP's handling of PGM files, where memory is not properly initialized before being accessed during file parsing.
Because of this flaw, a remote attacker can execute arbitrary code on the affected system by tricking a user into opening a malicious PGM file or visiting a malicious page.
User interaction is required for exploitation, meaning the target must open or interact with the malicious content.
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary code with the privileges of the user running GIMP.
Successful exploitation could lead to full compromise of the affected system, including data theft, system manipulation, or further malware installation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know