CVE-2026-2239
Heap Buffer Overflow in GIMP PSD Parsing Causes DoS
Publication date: 2026-03-26
Last updated on: 2026-04-03
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| gimp | gimp | 3.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-170 | The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-buffer-overflow in GIMP's PSD file processing. It occurs in the fread_pascal_string function, which reads a Pascal string from a specially crafted Photoshop Document (PSD) file. The function allocates a buffer but does not null-terminate it properly. When the program later calls strlen() on this buffer, it reads beyond the allocated memory, causing a heap-buffer-overflow.
This overflow leads to an application crash, resulting in a denial-of-service when opening a malicious PSD file.
How can this vulnerability impact me? :
Exploiting this vulnerability can cause GIMP to crash when opening a specially crafted PSD file. This results in an application-level denial-of-service, meaning the software becomes unavailable or unusable during the crash.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by opening a specially crafted PSD file in GIMP built with AddressSanitizer (ASan). When triggered, ASan will report a heap-buffer-overflow error indicating the issue occurs in the strlen function called from g_strdup and gimp_any_to_utf8.
There are no specific network detection commands provided, as this is an application-level vulnerability triggered by opening a crafted PSD file.
To reproduce or detect the vulnerability on a system, you can run GIMP with ASan enabled and open a PSD file designed to exploit the flaw. The ASan output will indicate the heap-buffer-overflow.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves avoiding opening untrusted or specially crafted PSD files in GIMP, as the vulnerability is triggered during PSD file parsing.
Applying the suggested fix by updating GIMP to a version where the fread_pascal_string() function allocates len+1 bytes and null-terminates the buffer before use will prevent the heap-buffer-overflow.
If an updated GIMP version is not yet available, consider running GIMP in a restricted environment or sandbox to limit the impact of potential crashes caused by malicious PSD files.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability causes an application-level denial of service by crashing GIMP when processing specially crafted PSD files. It does not involve unauthorized access, data leakage, or modification of sensitive information.
Therefore, it does not directly impact compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on protecting personal data confidentiality, integrity, and availability.
However, if availability of the application is critical in a regulated environment, repeated denial-of-service conditions could indirectly affect compliance related to system availability requirements.