CVE-2026-6384
Buffer Overflow in GIMP GIF Loader Risks Code Execution
Publication date: 2026-04-15
Last updated on: 2026-04-28
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| gimp | gimp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6384 is a high-severity buffer overflow vulnerability found in the GIF image loading component of GIMP, specifically in the ReadJeffsImage function.
This flaw allows an attacker to write beyond the allocated buffer by processing a specially crafted GIF file.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to a denial of service (DoS), causing the application or system to crash or become unresponsive.
More severely, it can allow an attacker to execute arbitrary code on the affected system, potentially gaining control or causing further damage.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update GIMP to a version where the buffer overflow in the GIF image loading component's ReadJeffsImage function is fixed.
Avoid opening or processing untrusted or specially crafted GIF files with vulnerable versions of GIMP to prevent exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.