7.5

CVE-2026-5201

Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeGdk-pixbuf Version-
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.07% 0.604
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://access.redhat.com/security/cve/CVE-2026-5201
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2453291
Third Party Advisory
Issue Tracking
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304
Vendor Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2026:10708
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:10707
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:10741
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11325
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11326
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11327
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11328
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11806
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12060
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12061
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12114
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12115
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12062
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:19127
https://access.redhat.com/errata/RHSA-2026:19210
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:25096
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5201.json