CVE-2026-40916 MEDIUM

CVE-2026-40916: GIMP (gimp): denial of service due to stack buffer overflow in the TIM image loader

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-787
Published April 15, 2026
Last update April 28, 2026

CVSS base score

5.0/10 (Medium)
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

Description

A flaw was found in GIMP. A stack buffer overflow in the TIM image loader's 4BPP decoding path (four bits per pixel, so each input byte carries two palette indices) allows a local user to cause a denial of service. The decoder writes past the end of a variable-length array on the stack, and the overflow is unconditional for any file that reaches this path, so opening a specially crafted TIM image crashes the application. The vector records the impact as availability only (C:N/I:N/A:H) and requires the victim to open the file (UI:R).
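As an added illustration of this bug class (not GIMP's loader, and not the vulnerable or patched code from the advisory), the C below shows a 4BPP row decoder whose stack buffer is sized for the packed byte count but filled with the unpacked pixel count, beside a hardened parser that checks the header's dimensions against both the file length and the output buffer before decoding a row. The TIM layout used, the function names and the sample file are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added illustration of the bug class in this advisory; not GIMP's loader.
 * The TIM layout used (u32 magic 0x10, u32 flags with the bpp mode in bits
 * 0-2 and a CLUT bit 3, then a pixel block of u32 size, u16 x, y, w, h with
 * w in 16-bit words) follows the usual description of the PlayStation TIM
 * format and is an assumption for this example. Function names are ours. */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* The unsafe shape the advisory describes (hypothetical, never called here):
 * a VLA sized for the packed byte count is filled with the unpacked pixel
 * count. A 4BPP row has twice as many pixels as bytes, so the write past
 * the end of `row` happens on every call, whatever the header says. */
void unsafe_decode_row(const uint8_t *src, unsigned w_words)
{
    uint8_t row[w_words * 2];                       /* packed bytes per row */
    for (unsigned x = 0; x < w_words * 4; x++)      /* unpacked pixels per row */
        row[x] = (x & 1) ? (uint8_t)(src[x / 2] >> 4) : (uint8_t)(src[x / 2] & 0x0F);
    (void)row;
}

/* Hardened row decoder: two CLUT indices per byte, low nibble first, and a
 * refusal to write past dst_len instead of trusting the caller's sizing. */
static int decode_4bpp_row(const uint8_t *src, unsigned pixels,
                           uint8_t *dst, size_t dst_len)
{
    if ((size_t)pixels > dst_len) return -1;
    for (unsigned x = 0; x < pixels; x++) {
        uint8_t b = src[x / 2];
        dst[x] = (x & 1) ? (uint8_t)(b >> 4) : (uint8_t)(b & 0x0F);
    }
    return 0;
}

/* Parses a CLUT-less 4BPP TIM and writes unpacked indices to out. Returns the
 * pixel count, or -1 when the header is malformed, the file is shorter than
 * the block claims, or the declared image does not fit the output buffer. */
int tim_decode_4bpp(const uint8_t *buf, size_t len,
                    uint8_t *out, size_t out_len, unsigned *w_px, unsigned *h)
{
    if (len < 20 || rd32(buf) != 0x10) return -1;         /* magic + headers */
    uint32_t flags = rd32(buf + 4);
    if ((flags & 7) != 0 || (flags & 8)) return -1;       /* only 4BPP, no CLUT */
    const uint8_t *blk = buf + 8;
    uint32_t bsize = rd32(blk);
    unsigned w_words = rd16(blk + 8), rows = rd16(blk + 10);
    if (w_words == 0 || rows == 0) return -1;
    unsigned pixels = w_words * 4;                        /* 4 indices per word */
    size_t row_bytes = (size_t)w_words * 2;
    size_t data_len = row_bytes * rows;
    if ((size_t)rows > out_len / pixels) return -1;       /* would overflow out */
    if (bsize < 12 || bsize - 12 < data_len) return -1;   /* block size lies */
    if (len - 20 < data_len) return -1;                   /* file truncated */
    for (unsigned y = 0; y < rows; y++)
        if (decode_4bpp_row(blk + 12 + y * row_bytes, pixels,
                            out + (size_t)y * pixels, out_len - (size_t)y * pixels) < 0)
            return -1;
    *w_px = pixels; *h = rows;
    return (int)(pixels * rows);
}

/* Constructed sample (not a real file): 8x2 pixels, 4BPP, no CLUT. */
static const uint8_t SAMPLE_TIM[] = {
    0x10, 0, 0, 0,   0, 0, 0, 0,                 /* magic, flags (mode 0)    */
    0x14, 0, 0, 0,   0, 0,  0, 0,   2, 0,  2, 0, /* bsize 20, x, y, w=2, h=2 */
    0x21, 0x43, 0x65, 0x87,                      /* row 0: 1 2 3 4 5 6 7 8   */
    0xFF, 0x00, 0xA5, 0x0F,                      /* row 1: F F 0 0 5 A F 0   */
};
static uint8_t g_pixels[64];

/* Decodes SAMPLE_TIM into g_pixels with a caller-chosen buffer size. */
int decode_sample_into(size_t out_len)
{
    unsigned w, h;
    if (out_len > sizeof g_pixels) out_len = sizeof g_pixels;
    return tim_decode_4bpp(SAMPLE_TIM, sizeof SAMPLE_TIM, g_pixels, out_len, &w, &h);
}
int sample_pixel(unsigned i) { return i < sizeof g_pixels ? g_pixels[i] : -1; }

/* Same file with w forged to 0x4000 words (65536 px per row): the hardened
 * path rejects it before any row is decoded. */
int decode_forged_width(void)
{
    uint8_t forged[sizeof SAMPLE_TIM];
    unsigned w, h;
    memcpy(forged, SAMPLE_TIM, sizeof forged);
    forged[16] = 0x00; forged[17] = 0x40;
    return tim_decode_4bpp(forged, sizeof forged, g_pixels, sizeof g_pixels, &w, &h);
}

int main(void)
{
    printf("sample: %d pixels, first %d last %d\n",
           decode_sample_into(sizeof g_pixels), sample_pixel(0), sample_pixel(15));
    printf("8-byte buffer: %d, forged width: %d\n", decode_sample_into(8), decode_forged_width());
    return 0;
}
```

The hardened path never derives a write length from the header without first comparing it to the space it actually has: the file-length check stops truncated inputs from being read past the end, and the output-buffer check stops a forged width from being written past the end, which is the bound the unsafe VLA pattern lacks.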

Key dates

Disclosure timeline

April 15, 2026 CVE published
April 28, 2026 Record updated