CVE-2026-2271
Received Received - Intake
Heap Overflow in GIMP PSP Parser Causes Remote DoS

Publication date: 2026-03-26

Last updated on: 2026-04-21

Assigner: Red Hat, Inc.

Description
A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2271
EUVD
EUVD-2026-16340
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gimp gimp 3.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can be exploited by a remote attacker who provides a specially crafted PSP image file to GIMP.

Successful exploitation causes a heap overflow and out-of-bounds memory write, which leads to an application-level denial of service (crash).

This means that an attacker could cause GIMP to crash or become unavailable when processing malicious PSP files, potentially disrupting workflows or services relying on GIMP.

Executive Summary

CVE-2026-2271 is an integer overflow vulnerability in GIMP's PSP (Paint Shop Pro) image file parser, specifically in the read_creator_block() function. The vulnerability occurs because a 32-bit length value is read directly from a PSP file without proper validation and then used for memory allocation.

When the length value is set to a very large number (0xFFFFFFFF), the memory allocation function (g_malloc) receives an incorrect size due to integer overflow, resulting in a very small buffer being allocated.

Subsequently, the program attempts to read a large amount of data (approximately 4 GB) into this undersized buffer, causing a heap overflow and an out-of-bounds write. This leads to a crash of the application, resulting in a denial of service.

Detection Guidance

This vulnerability can be detected by testing GIMP's PSP file parser with specially crafted PSP image files that trigger the integer overflow in the read_creator_block() function.

A proof-of-concept (PoC) crafted PSP file named psp_overflow.psp can be used to trigger the vulnerability.

To detect memory errors caused by this vulnerability, you can compile the vulnerable code with AddressSanitizer enabled and run tests using the PoC file.

  • Compile the test harness with clang and AddressSanitizer: clang -fsanitize=address -o harness_psp harness_psp.c
  • Run the test harness with the crafted PSP file: ./harness_psp psp_overflow.psp

This will help detect heap overflow and out-of-bounds writes caused by the vulnerability.

Mitigation Strategies

Immediate mitigation steps include avoiding opening or processing untrusted or specially crafted PSP image files with vulnerable versions of GIMP.

Updating GIMP to a version where this vulnerability is fixed is recommended once a patch is available.

If updating is not immediately possible, consider disabling or restricting the PSP file parser plugin or limiting user access to GIMP to trusted users only.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2271. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart