GIMP PSD Heap-BUF-overflow in fread_pascal_string Causes DoS
CVE-2026-2239 Published on March 26, 2026
Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow
A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not properly null-terminated, leading to an out-of-bounds read when strlen() is subsequently called. Successfully exploiting this vulnerability can cause the application to crash, resulting in an application level Denial of Service.
Vulnerability Analysis
CVE-2026-2239 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
Improper Null Termination
The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.
Products Associated with CVE-2026-2239
Want to know whenever a new CVE is published for Red Hat Enterprise Linux (RHEL)? stack.watch will email you.
