CVE-2026-40916
Received Received - Intake
Stack Buffer Overflow in GIMP TIM Loader Causes DoS

Publication date: 2026-04-15

Last updated on: 2026-04-28

Assigner: Red Hat, Inc.

Description
A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-length array.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-14
NVD
CVE-2026-40916
EUVD
EUVD-2026-23022
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
gimp gimp *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-40916 is a stack buffer overflow vulnerability found in the GIMP image editor, specifically in the TIM image loader's 4BPP decoding path.

The flaw occurs because a variable-length array named `row[]` is allocated with a size equal to the image width in bytes, but the decoding process writes twice that amount (2 * width bytes) into this buffer without checking the bounds.

This causes an overflow of the buffer on the stack, leading to a crash of the application when opening a specially crafted TIM image file.

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) by crashing the GIMP application when a user opens a maliciously crafted TIM image file.

Since the overflow is local and requires opening a crafted file, it primarily impacts availability by causing the application to stop functioning unexpectedly.

Detection Guidance

This vulnerability is triggered by opening a specially crafted 4BPP TIM image file in GIMP, causing a stack buffer overflow and application crash.

Detection involves monitoring for crashes or denial of service events when processing TIM image files with GIMP.

Since the vulnerability is local and triggered by opening malicious files, network detection is limited.

No specific commands are provided in the available resources to detect this vulnerability automatically.

Mitigation Strategies

To mitigate this vulnerability, avoid opening untrusted or suspicious TIM image files in GIMP.

Apply any available patches or updates from your Linux distribution or GIMP maintainers that address this stack buffer overflow.

Consider restricting user permissions to limit local user ability to exploit this vulnerability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40916. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart