{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40918", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-04-15T18:38:30.106Z", "datePublished": "2026-04-15T18:59:14.823Z", "dateUpdated": "2026-04-15T18:59:14.823Z"}, "containers": {"cna": {"title": "Gimp: gimp: denial of service via crafted pvr image file", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp:2.8/gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gimp", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-40918", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458747", "name": "RHBZ#2458747", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-04-15T18:41:40.251Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-131", "description": "Incorrect Calculation of Buffer Size", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-131: Incorrect Calculation of Buffer Size", "workarounds": [{"lang": "en", "value": "To reduce the risk associated with this vulnerability, avoid processing untrusted PVR image files. Users should exercise caution when opening PVR files from unknown or suspicious sources. If the PVR image loader is part of an application that processes untrusted content, consider running that application in a sandboxed environment to limit potential impact."}], "timeline": [{"lang": "en", "time": "2026-04-15T18:35:03.273Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-04-15T18:41:40.251Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Mehtab Zafar for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-04-15T18:59:14.823Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PVR image files are affected."}], "id": "CVE-2026-40918", "lastModified": "2026-04-15T20:16:37.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2026-04-15T20:16:37.260", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-40918"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458747"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-15T22:08:58.087375+00:00", "value": {"mitigation_remediation": ["Avoid opening PVR files from untrusted or unknown sources.", "If a PVR file must be processed, run the GIMP application in a sandboxed environment such as a container or a sandbox tool to limit the impact of a crash.", "When a vendor patch or updated GIMP version that rectifies the buffer size calculation becomes available, install it to eliminate the vulnerability."], "summary": {"action": "Apply Workaround", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects users of GIMP running on Red\u202fHat Enterprise Linux\u202f6,\u202f7,\u202f8, and\u202f9. Any installation that processes untrusted PVR image files is at risk, regardless of the host operating system version.", "description_and_impact": "A flaw in the GIMP image editor allows processing of a specially crafted PVR image file with large dimensions to trigger a stack\u2011based buffer overflow and an out\u2011of\u2011bounds read in the PVR loader. The overflow causes the application to crash, resulting in a denial of service. The vulnerability does not provide a path to execute arbitrary code or compromise data confidentiality or integrity; the primary impact is loss of availability for the application instance that loaded the file.", "risk_and_exploitability": "The CVSS base score of 5.5 indicates moderate severity; no EPSS data is available and the vulnerability is not listed in the CISA KEV catalog. To exploit the flaw an attacker must supply a malicious PVR file to the GIMP process, typically by sending the file to a user who opens it. The attack vector is inferred as local or remote via application input. There is no known exploitation of lateral privilege escalation or data breach."}}}}, "created": "2026-04-15T22:15:15.707719+00:00", "updated": "2026-04-15T22:15:15.707730+00:00", "vendors": []}