CVE-2026-40918
Stack-Based Buffer Overflow in GIMP PVR Image Loader Causes DoS
Publication date: 2026-04-15
Last updated on: 2026-04-28
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| gimp | gimp | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-131 | The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when GIMP processes specially crafted PVR image files with large dimensions, causing a denial of service due to a stack-based buffer overflow and out-of-bounds read.
To detect this vulnerability on your system, you can check the version of GIMP installed and verify if it includes the vulnerable PVR image loader.
Since the vulnerability is triggered by processing malicious PVR files, monitoring or scanning for untrusted or suspicious PVR image files being opened or processed by GIMP can help detect potential exploitation attempts.
There are no specific commands provided in the available resources to detect exploitation attempts or scan for vulnerable files.
Can you explain this vulnerability to me?
CVE-2026-40918 is a vulnerability in the GIMP image editing software related to how it processes PVR image files. When GIMP processes a specially crafted PVR image file with very large dimensions, it causes a denial of service (DoS) by triggering a stack-based buffer overflow and an out-of-bounds read in the PVR image loader. This leads to the application crashing.
How can this vulnerability impact me?
This vulnerability can cause GIMP to crash when opening maliciously crafted PVR image files, resulting in a denial of service. Systems that process untrusted PVR image files using GIMP are affected, potentially disrupting workflows or services that rely on GIMP for image processing.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid processing untrusted PVR image files with GIMP until a patch or update is applied.
Ensure that your GIMP installation is updated to a version where this vulnerability is fixed once available.
Restrict or monitor the use of PVR image files from untrusted sources to prevent triggering the denial of service condition.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in GIMP causes a denial of service (DoS) through a stack-based buffer overflow and out-of-bounds read when processing specially crafted PVR image files. It does not involve unauthorized access to data or data breaches.
Therefore, based on the provided information, this vulnerability does not directly impact compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on data protection and privacy.