CVE-2026-2239
Received Received - Intake
Heap Buffer Overflow in GIMP PSD Parsing Causes DoS

Publication date: 2026-03-26

Last updated on: 2026-04-03

Assigner: Red Hat, Inc.

Description
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2239
EUVD
EUVD-2026-16339
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
gimp gimp 3.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-170 The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability causes an application-level denial of service by crashing GIMP when processing specially crafted PSD files. It does not involve unauthorized access, data leakage, or modification of sensitive information.

Therefore, it does not directly impact compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on protecting personal data confidentiality, integrity, and availability.

However, if availability of the application is critical in a regulated environment, repeated denial-of-service conditions could indirectly affect compliance related to system availability requirements.

Executive Summary

This vulnerability is a heap-buffer-overflow in GIMP's PSD file processing. It occurs in the fread_pascal_string function, which reads a Pascal string from a specially crafted Photoshop Document (PSD) file. The function allocates a buffer but does not null-terminate it properly. When the program later calls strlen() on this buffer, it reads beyond the allocated memory, causing a heap-buffer-overflow.

This overflow leads to an application crash, resulting in a denial-of-service when opening a malicious PSD file.

Impact Analysis

Exploiting this vulnerability can cause GIMP to crash when opening a specially crafted PSD file. This results in an application-level denial-of-service, meaning the software becomes unavailable or unusable during the crash.

Detection Guidance

This vulnerability can be detected by opening a specially crafted PSD file in GIMP built with AddressSanitizer (ASan). When triggered, ASan will report a heap-buffer-overflow error indicating the issue occurs in the strlen function called from g_strdup and gimp_any_to_utf8.

There are no specific network detection commands provided, as this is an application-level vulnerability triggered by opening a crafted PSD file.

To reproduce or detect the vulnerability on a system, you can run GIMP with ASan enabled and open a PSD file designed to exploit the flaw. The ASan output will indicate the heap-buffer-overflow.

Mitigation Strategies

Immediate mitigation involves avoiding opening untrusted or specially crafted PSD files in GIMP, as the vulnerability is triggered during PSD file parsing.

Applying the suggested fix by updating GIMP to a version where the fread_pascal_string() function allocates len+1 bytes and null-terminates the buffer before use will prevent the heap-buffer-overflow.

If an updated GIMP version is not yet available, consider running GIMP in a restricted environment or sandbox to limit the impact of potential crashes caused by malicious PSD files.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2239. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart