CVE-2026-2272 MEDIUM

CVE-2026-2272: Gimp: gimp: memory corruption due to integer overflow in ico file handling

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-190
Published March 26, 2026
Last update April 3, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

Description

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application-level denial of service.
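The failure mode described above, a buffer-size calculation that wraps in 32-bit arithmetic so that an oversized header passes a sanity check, is illustrated below with an added example. This is not GIMP's code: the `icon_entry_t` structure, the `MAX_ICON_BYTES` limit and both function names are constructed for illustration. The first function shows the wrapping pattern, the second the overflow-safe form a reviewer would expect in an image loader.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified ICO-style directory entry (hypothetical; not the
   real ICO layout or GIMP's structures). */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bpp;   /* bits per pixel */
} icon_entry_t;

/* Arbitrary upper bound on a decoded icon buffer (constructed value). */
#define MAX_ICON_BYTES (64u * 1024u * 1024u)

/* Vulnerable pattern: the size is computed in 32-bit unsigned arithmetic,
   so width * height * bytes_per_pixel silently wraps modulo 2^32. The
   wrapped value is then compared against the limit, which it can pass even
   though the real image is many gigabytes. Returns 0 on "accepted". */
int unsafe_icon_buffer_size(const icon_entry_t *e, size_t *out)
{
    uint32_t bytes = e->width * e->height * (e->bpp / 8);   /* may wrap */
    if (bytes == 0 || bytes > MAX_ICON_BYTES)
        return -1;
    *out = bytes;   /* a later allocation of this size is too small */
    return 0;
}

/* Hardened pattern: bound each field first, then compute the product in a
   type wide enough that it cannot wrap (two 32-bit factors and a factor of
   at most 4 always fit in 64 bits), and only then compare with the limit. */
int safe_icon_buffer_size(const icon_entry_t *e, size_t *out)
{
    if (e->width == 0 || e->height == 0)
        return -1;
    if (e->bpp == 0 || e->bpp > 32 || e->bpp % 8 != 0)
        return -1;

    uint64_t bytes_per_px = e->bpp / 8;                      /* 1..4 */
    uint64_t bytes = (uint64_t)e->width * (uint64_t)e->height * bytes_per_px;
    if (bytes > MAX_ICON_BYTES)
        return -1;

    *out = (size_t)bytes;
    return 0;
}

int main(void)
{
    /* Constructed header: 65537 x 65536 pixels at 32 bpp. The true size is
       4 * 2^32 + 262144 bytes, but in 32-bit arithmetic the product wraps to
       262144, the same size as an ordinary 256 x 256 icon. */
    icon_entry_t crafted = { 65537u, 65536u, 32u };
    icon_entry_t normal  = { 256u, 256u, 32u };
    size_t n;

    printf("unsafe, crafted: %s (n=%zu)\n",
           unsafe_icon_buffer_size(&crafted, &n) == 0 ? "ACCEPTED" : "rejected", n);
    printf("safe,   crafted: %s\n",
           safe_icon_buffer_size(&crafted, &n) == 0 ? "ACCEPTED" : "rejected");
    printf("safe,   normal:  %s (n=%zu)\n",
           safe_icon_buffer_size(&normal, &n) == 0 ? "ACCEPTED" : "rejected", n);
    return 0;
}
```

The point of the check is that the wrapped result is indistinguishable from a legitimate small icon's size; any downstream `memcpy` or pixel loop that trusts the header dimensions then writes past the allocation. Computing in 64 bits (or using `__builtin_mul_overflow` on GCC/Clang) and bounding the fields before multiplying closes the gap; the order matters, since a check applied after a wrapped multiplication is no check at all.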

Key dates

Disclosure timeline

March 26, 2026 CVE published
April 3, 2026 Record updated