CVE-2026-4151
Integer Overflow in GIMP ANI Parsing Enables Remote Code Execution
Publication date: 2026-04-11
Last updated on: 2026-04-14
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gimp | gimp | 3.0.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4151 is an integer overflow vulnerability in the ANI file parsing component of GIMP. It occurs because the software does not properly validate user-supplied data, which can cause an integer overflow before allocating a buffer.
This flaw allows remote attackers to execute arbitrary code on affected GIMP installations if a user interacts with a malicious ANI file or visits a malicious webpage.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code within the context of the current process running GIMP.
Successful exploitation can compromise the confidentiality, integrity, and availability of the affected system, potentially leading to unauthorized access, data manipulation, or denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update GIMP to the latest version where the issue has been fixed.
Additionally, avoid opening ANI files from untrusted sources or visiting untrusted webpages that might contain malicious ANI files, as exploitation requires user interaction.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the parsing of ANI files by GIMP and requires user interaction such as opening a malicious ANI file or visiting a malicious webpage. Detection on a network or system would focus on identifying attempts to open or process suspicious ANI files or monitoring for exploitation attempts involving GIMP.
Since the vulnerability is triggered by local user interaction with ANI files, detection can include scanning for ANI files on the system and verifying if GIMP versions are vulnerable.
Suggested commands to help detect potential exploitation or presence of malicious ANI files might include:
- Searching for ANI files on the system: `find / -type f -name '*.ani'`
- Checking the installed GIMP version to verify if it is vulnerable: `gimp --version`
- Monitoring system logs or application logs for crashes or unusual behavior related to GIMP when opening ANI files.
Network detection is limited since the attack vector is local and requires user interaction; however, monitoring for suspicious file downloads or web traffic delivering ANI files could be useful.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability of the affected system. This could potentially lead to unauthorized access or data breaches.
Such unauthorized access or data compromise could negatively affect compliance with standards and regulations like GDPR or HIPAA, which require protection of sensitive data and maintaining system integrity.
However, the provided information does not explicitly state the direct impact on compliance with these standards.