CVE-2026-2050
Modified Modified - Updated After Analysis

Heap-based Buffer Overflow in GIMP via HDR File Parsing

Vulnerability report for CVE-2026-2050, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-13

Assigner: Zero Day Initiative

Description

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28266.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-13
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gimp gimp 3.0.6

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-131 The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow in the parsing of HDR files within GIMP. It occurs because the software does not properly validate the length of user-supplied data before copying it into a heap-based buffer. This flaw allows remote attackers to execute arbitrary code on affected installations of GIMP if a user opens a malicious HDR file or visits a malicious page.

Impact Analysis

The impact of this vulnerability is that an attacker can execute arbitrary code on your system with the privileges of the GIMP process. This can lead to full compromise of the affected system, including unauthorized access, data theft, or further malware installation. Exploitation requires user interaction, such as opening a malicious file or visiting a malicious webpage.

Mitigation Strategies

To mitigate this vulnerability, avoid opening or interacting with untrusted HDR files or visiting untrusted web pages that may contain malicious HDR content.

Ensure that your GIMP installation is updated with the latest security patches once they become available.

Limit user privileges and consider disabling or restricting the use of HDR file parsing in GIMP if possible until a fix is applied.

Compliance Impact

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP, potentially compromising the confidentiality, integrity, and availability of data processed by the application.

Such a compromise could lead to unauthorized access or alteration of sensitive information, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and health-related data.

However, the provided information does not explicitly describe the direct effects of this vulnerability on compliance with these standards or any specific regulatory requirements.

Detection Guidance

This vulnerability involves a heap-based buffer overflow in GIMP's HDR file parsing, which requires user interaction such as opening a malicious HDR file or visiting a malicious page. Detection on a network or system would primarily involve identifying the presence of vulnerable GIMP versions or monitoring for suspicious HDR file usage.

Since the vulnerability is triggered by processing malicious HDR files, one detection approach is to verify the installed GIMP version and ensure it is updated to a version that includes the security fix.

Suggested commands to detect vulnerable GIMP installations on a system include:

  • Check GIMP version: `gimp --version`
  • On Linux systems, check installed package version: `dpkg -l | grep gimp` or `rpm -qa | grep gimp`
  • Search for suspicious HDR files recently accessed or created: `find /path/to/scan -name '*.hdr' -exec ls -l {} \;`

Network detection is limited because exploitation requires user interaction and local file opening. Monitoring for unusual file downloads or suspicious HDR files could help.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2050. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart