This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2026-4154.
ZDI-26-221: GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
Kurzinfo
Metadaten
- Original (extern): Link oeffnen
- Veroeffentlicht: 2026-03-19 05:00 UTC
- Importiert: 2026-05-15 01:45 UTC
- CVSS: 7.8
- Quelle-ID:
zdi_pub - uid_hash:
5e02f1714a3cfc1f64196de1174dbf8323921f5897f9937878ca2162c5b02cec
Inhalt
Verknuepfte CVEs
| CVE-ID | CVE-Schwere | CVSS (CVE.org) | EPSS | EPSS-Pctl | Veroeffentlicht (CVE.org) |
|---|---|---|---|---|---|
| HIGH | 7.8 | - | - | 2026-04-11 |
Quellen-Details
| Bezeichnung | Name | Kategorie | Tags | Zielgruppe | Sprache | Feed-URL |
|---|---|---|---|---|---|---|
| Zero Day Initiative (Published) | threat_intel | - | de | https://www.zerodayinitiative.com/rss/published/ |