CVE-2026-6384
Received Received - Intake
Buffer Overflow in GIMP GIF Loader Risks Code Execution

Publication date: 2026-04-15

Last updated on: 2026-04-28

Assigner: Red Hat, Inc.

Description
A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6384
EUVD
EUVD-2026-23096
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
gimp gimp *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6384 is a high-severity buffer overflow vulnerability found in the GIF image loading component of GIMP, specifically in the ReadJeffsImage function.

This flaw allows an attacker to write beyond the allocated buffer by processing a specially crafted GIF file.

Impact Analysis

Exploitation of this vulnerability can lead to a denial of service (DoS), causing the application or system to crash or become unresponsive.

More severely, it can allow an attacker to execute arbitrary code on the affected system, potentially gaining control or causing further damage.

Mitigation Strategies

To mitigate this vulnerability, you should update GIMP to a version where the buffer overflow in the GIF image loading component's ReadJeffsImage function is fixed.

Avoid opening or processing untrusted or specially crafted GIF files with vulnerable versions of GIMP to prevent exploitation.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6384. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart