CVE-2026-40916
Stack Buffer Overflow in GIMP TIM Loader Causes DoS
Publication date: 2026-04-15
Last updated on: 2026-04-28
Assigner: Red Hat, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| gimp | gimp | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can cause a Denial of Service (DoS) by crashing the GIMP application when a user opens a maliciously crafted TIM image file.
Since the overflow is local and requires opening a crafted file, it primarily impacts availability by causing the application to stop functioning unexpectedly.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered by opening a specially crafted 4BPP TIM image file in GIMP, causing a stack buffer overflow and application crash.
Detection involves monitoring for crashes or denial of service events when processing TIM image files with GIMP.
Since the vulnerability is local and triggered by opening malicious files, network detection is limited.
No specific commands are provided in the available resources to detect this vulnerability automatically.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid opening untrusted or suspicious TIM image files in GIMP.
Apply any available patches or updates from your Linux distribution or GIMP maintainers that address this stack buffer overflow.
Consider restricting user permissions to limit local users' ability to exploit this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-40916 is a stack buffer overflow vulnerability found in the GIMP image editor, specifically in the TIM image loader's 4BPP decoding path.
The flaw occurs because a variable-length array named `row[]` is allocated with a size equal to the image width in bytes, but the decoding process writes twice that amount (2 * width bytes) into this buffer without checking the bounds.
This causes an overflow of the buffer on the stack, leading to a crash of the application when opening a specially crafted TIM image file.
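The sizing mismatch described above, as an added C illustration (not GIMP's source code): a row of `width` packed 4BPP bytes expands to `2 * width` index bytes, and this decoder refuses a destination sized like the flawed `row[]`. The function names and the low-nibble-first pixel order are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative only: names are hypothetical, not GIMP identifiers.
 * A packed 4BPP row of `width` bytes expands to 2 * width palette indices,
 * so the output buffer must hold 2 * width bytes, not width. */

/* Bytes the decoder writes for one row; returns 0 if 2 * width overflows. */
size_t row_bytes_needed_4bpp(size_t width)
{
    if (width > SIZE_MAX / 2)
        return 0;
    return width * 2;
}

/* Bounds-checked expansion. Returns 0 on success, -1 if `dst` is too small
 * (the check the description says is missing). Nothing is written on failure. */
int decode_row_4bpp(const uint8_t *src, size_t width,
                    uint8_t *dst, size_t dst_cap)
{
    size_t need = row_bytes_needed_4bpp(width);

    if (width == 0 || need == 0 || dst_cap < need)
        return -1;
    for (size_t i = 0; i < width; i++) {
        dst[2 * i]     = src[i] & 0x0F;  /* assumed: low nibble = left pixel */
        dst[2 * i + 1] = src[i] >> 4;    /* high nibble = right pixel */
    }
    return 0;
}

int main(void)
{
    const uint8_t packed[4] = { 0x21, 0x43, 0x65, 0x87 }; /* constructed sample row */
    uint8_t undersized[4];  /* sized like the flawed row[]: width bytes */
    uint8_t correct[8];     /* 2 * width bytes */

    printf("row[width] buffer:     %d\n",
           decode_row_4bpp(packed, 4, undersized, sizeof undersized));
    printf("row[2 * width] buffer: %d\n",
           decode_row_4bpp(packed, 4, correct, sizeof correct));
    return 0;
}
```

Allocating the row on the heap after this size check, rather than as a variable-length array sized from file data, also keeps an attacker-controlled width from dictating stack usage.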