CVE-2026-40918
Received Received - Intake

Stack-Based Buffer Overflow in GIMP PVR Image Loader Causes DoS

Vulnerability report for CVE-2026-40918, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-15

Last updated on: 2026-04-28

Assigner: Red Hat, Inc.

Description

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-15
Last Modified
2026-04-28
Generated
2026-07-06
AI Q&A
2026-04-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
gimp gimp *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-131 The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-40918 is a vulnerability in the GIMP image editing software related to how it processes PVR image files. When GIMP processes a specially crafted PVR image file with very large dimensions, it causes a denial of service (DoS) by triggering a stack-based buffer overflow and an out-of-bounds read in the PVR image loader. This leads to the application crashing.

Detection Guidance

This vulnerability occurs when GIMP processes specially crafted PVR image files with large dimensions, causing a denial of service due to a stack-based buffer overflow and out-of-bounds read.

To detect this vulnerability on your system, you can check the version of GIMP installed and verify if it includes the vulnerable PVR image loader.

Since the vulnerability is triggered by processing malicious PVR files, monitoring or scanning for untrusted or suspicious PVR image files being opened or processed by GIMP can help detect potential exploitation attempts.

There are no specific commands provided in the available resources to detect exploitation attempts or scan for vulnerable files.

Compliance Impact

The vulnerability in GIMP causes a denial of service (DoS) through a stack-based buffer overflow and out-of-bounds read when processing specially crafted PVR image files. It does not involve unauthorized access to data or data breaches.

Therefore, based on the provided information, this vulnerability does not directly impact compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on data protection and privacy.

Impact Analysis

This vulnerability can cause GIMP to crash when opening maliciously crafted PVR image files, resulting in a denial of service. Systems that process untrusted PVR image files using GIMP are affected, potentially disrupting workflows or services that rely on GIMP for image processing.

Mitigation Strategies

To mitigate this vulnerability, avoid processing untrusted PVR image files with GIMP until a patch or update is applied.

Ensure that your GIMP installation is updated to a version where this vulnerability is fixed once available.

Restrict or monitor the use of PVR image files from untrusted sources to prevent triggering the denial of service condition.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40918. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart