CVE-2026-40918
Received - Intake
Stack-Based Buffer Overflow in GIMP PVR Image Loader Causes DoS

Publication date: 2026-04-15

Last updated on: 2026-04-28

Assigner: Red Hat, Inc.

Description
A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected.
Meta Information
Published: 2026-04-15
Last Modified: 2026-04-28
Generated: 2026-06-16
AI Q&A: 2026-04-16
EPSS Evaluated: 2026-06-14
Affected Vendors & Products (5 associated CPEs)
Vendor   Product           Version / Range
redhat   enterprise_linux  7.0
redhat   enterprise_linux  6.0
redhat   enterprise_linux  8.0
redhat   enterprise_linux  9.0
gimp     gimp              *
CWE ID   Description
CWE-131  The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
AI Quick Actions
Executive Summary

CVE-2026-40918 is a vulnerability in the GIMP image editing software related to how it processes PVR image files. When GIMP processes a specially crafted PVR image file with very large dimensions, it causes a denial of service (DoS) by triggering a stack-based buffer overflow and an out-of-bounds read in the PVR image loader. This leads to the application crashing.

Impact Analysis

This vulnerability can cause GIMP to crash when opening maliciously crafted PVR image files, resulting in a denial of service. Systems that process untrusted PVR image files using GIMP are affected, potentially disrupting workflows or services that rely on GIMP for image processing.

Mitigation Strategies

To mitigate this vulnerability, avoid processing untrusted PVR image files with GIMP until a patch or update is applied.

Ensure that your GIMP installation is updated to a version where this vulnerability is fixed once available.

Restrict or monitor the use of PVR image files from untrusted sources to prevent triggering the denial of service condition.

Detection Guidance

This vulnerability is triggered when GIMP parses a specially crafted PVR image file with large dimensions, which causes a stack-based buffer overflow and an out-of-bounds read in the PVR loader and results in a denial of service.

To determine whether a system is exposed, check the installed GIMP version and confirm whether it still ships the vulnerable PVR image loader.

Because exploitation requires GIMP to process a malicious PVR file, monitoring or scanning for PVR image files from untrusted or suspicious sources being opened by GIMP can help surface exploitation attempts; a GIMP crash while opening a PVR file is the observable symptom described in this record.

There are no specific commands provided in the available resources to detect exploitation attempts or scan for vulnerable files.

Compliance Impact

The vulnerability in GIMP causes a denial of service (DoS) through a stack-based buffer overflow and out-of-bounds read when processing specially crafted PVR image files. It does not involve unauthorized access to data or data breaches.

Therefore, based on the provided information, this vulnerability does not directly impact compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on data protection and privacy.
