{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40915", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-15T18:38:30.106Z", "datePublished": "2026-04-15T18:58:52.059Z", "dateUpdated": "2026-04-15T19:32:55.287Z"}, "containers": {"cna": {"title": "Gimp: gimp: heap buffer overflow due to integer overflow in fits image loader", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp:2.8/gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-40915", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458744", "name": "RHBZ#2458744", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-15T18:41:45.828Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound", "workarounds": [{"lang": "en", "value": "Users should avoid opening untrusted FITS image files with GIMP. If GIMP is not required, consider removing the `gimp` package to eliminate the attack surface. This can be done using the system's package manager, for example: `sudo dnf remove gimp`. Removing GIMP may impact other applications that depend on it."}], "timeline": [{"lang": "en", "time": "2026-04-15T18:34:44.357Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-15T18:41:45.828Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Mehtab Zafar for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-15T18:58:52.059Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T19:32:48.306652Z", "id": "CVE-2026-40915", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T19:32:55.287Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40915", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T19:32:48.306652Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T19:32:50.839Z"}}], "cna": {"title": "Gimp: gimp: heap buffer overflow due to integer overflow in fits image loader", "credits": [{"lang": "en", "value": "Red Hat would like to thank Mehtab Zafar for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "gimp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "gimp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "gimp:2.8/gimp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "gimp", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-04-15T18:34:44.357Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-15T18:41:45.828Z", "value": "Made public."}], "datePublic": "2026-04-15T18:41:45.828Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-40915", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458744", "name": "RHBZ#2458744", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Users should avoid opening untrusted FITS image files with GIMP. If GIMP is not required, consider removing the `gimp` package to eliminate the attack surface. This can be done using the system's package manager, for example: `sudo dnf remove gimp`. Removing GIMP may impact other applications that depend on it."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-15T18:58:52.059Z"}, "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"}}, "cveMetadata": {"cveId": "CVE-2026-40915", "state": "PUBLISHED", "dateUpdated": "2026-04-15T19:32:55.287Z", "dateReserved": "2026-04-15T18:38:30.106Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-04-15T18:58:52.059Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution."}], "id": "CVE-2026-40915", "lastModified": "2026-04-15T20:16:36.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-15T20:16:36.717", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-40915"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458744"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Mehtab Zafar for reporting this issue.", "bugzilla": {"description": "gimp: GIMP: Heap buffer overflow due to integer overflow in FITS image loader", "id": "2458744", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458744"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "Users should avoid opening untrusted FITS image files with GIMP. If GIMP is not required, consider removing the `gimp` package to eliminate the attack surface. This can be done using the system's package manager, for example: `sudo dnf remove gimp`. Removing GIMP may impact other applications that depend on it."}, "name": "CVE-2026-40915", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gimp:2.8/gimp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-15T18:41:45Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40915\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40915"], "statement": "Moderate. This flaw in GIMP's FITS image loader could lead to a denial of service or arbitrary code execution when processing a specially crafted FITS file. Exploitation requires user interaction, as a malicious file must be opened by the application. Red Hat Enterprise Linux systems are affected if GIMP is installed and used to open untrusted FITS image files.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-16T02:28:28.670104+00:00", "value": {"mitigation_remediation": ["Avoid opening untrusted FITS files in GIMP.", "If GIMP is not required, uninstall the gimp package using the system\u2019s package manager (e.g., sudo dnf remove gimp on RHEL\u202f8/9 or sudo yum remove gimp on RHEL\u202f6/7).", "Restrict access to the GIMP executable or configure sandboxing to limit its privileges until a patch is available."], "summary": {"action": "Apply Workaround", "impact": "Denial of Service or potential code execution"}, "threat_synthesis": {"affected_systems": "Red\u202fHat Enterprise Linux\u202f6,\u202f7,\u202f8, and\u202f9 platforms that have the GIMP package installed are affected. The vulnerability is limited to the GIMP application itself and does not directly involve the underlying operating system components.", "description_and_impact": "The flaw resides in the FITS image loader of GIMP. An attacker can supply a crafted FITS file that triggers an integer overflow, causing the code to allocate a zero\u2011byte buffer. When pixel data is then processed, a heap buffer overflow occurs. If this buffer overrun is successfully exploited, it can lead to a denial of service or, under certain conditions, arbitrary code execution, impacting the confidentiality, integrity, or availability of the affected system.", "risk_and_exploitability": "The CVSS base score is 5.5, indicating moderate severity. EPSS is not available, and the issue is not listed in CISA\u2019s KEV catalog. Because the exploitation requires the attacker to deliver a malicious FITS file to a user running GIMP, the likely attack vector is local or remote file inclusion via a compromised or malicious client. Successful exploitation would require the attacker to be able to launch GIMP or have the victim open the file, after which the heap overflow could crash the program or potentially allow code execution."}}}}, "created": "2026-04-16T02:30:21.689771+00:00", "updated": "2026-04-16T02:30:21.689783+00:00", "vendors": []}