HeapBased Buffer Overflow in gdkpixbuf JPEG Loader Causing DoS
CVE-2026-5201 Published on March 31, 2026

Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-5201 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Timeline

2026-03-31

Reported to Red Hat.

2026-03-31

Made public.

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2026-5201

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Enterprise Linux (RHEL)

Red Hat Enterprise Linux Eus

Red Hat Rhel E4s

Red Hat Rhel Eus

Red Hat Rhel Aus

Red Hat Rhel Tus

Red Hat Rhel Els

Red Hat Rhel Eus Long Life

Red Hat Ai Inference Server

Affected Versions

Red Hat Enterprise Linux 10:

Version 0:2.42.12-4.el10_1.5 and below * is unaffected.

Red Hat Enterprise Linux 10.0 Extended Update Support:

Version 0:2.42.12-4.el10_0.4 and below * is unaffected.

Red Hat Enterprise Linux 7 Extended Lifecycle Support:

Version 0:2.36.12-5.el7_9 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 0:2.36.12-8.el8_10 and below * is unaffected.

Red Hat Enterprise Linux 8:

Version 0:2.36.12-8.el8_10 and below * is unaffected.

Red Hat Enterprise Linux 8.2 Advanced Update Support:

Version 0:2.36.12-7.el8_2 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support:

Version 0:2.36.12-7.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On:

Version 0:2.36.12-7.el8_4 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support:

Version 0:2.36.12-7.el8_6 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Telecommunications Update Service:

Version 0:2.36.12-7.el8_6 and below * is unaffected.

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions:

Version 0:2.36.12-7.el8_6 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Telecommunications Update Service:

Version 0:2.36.12-7.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions:

Version 0:2.36.12-7.el8_8 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:2.42.6-6.el9_7.1 and below * is unaffected.

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions:

Version 0:2.42.6-3.el9_0.1 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions:

Version 0:2.42.6-4.el9_2.1 and below * is unaffected.

Red Hat Enterprise Linux 9.4 Extended Update Support:

Version 0:2.42.6-5.el9_4.1 and below * is unaffected.

Red Hat Enterprise Linux 9.6 Extended Update Support:

Version 0:2.42.6-6.el9_6.1 and below * is unaffected.

Red Hat AI Inference Server 3.3:

Version 1778244559 and below * is unaffected.

Red Hat AI Inference Server 3.3:

Version 1778244531 and below * is unaffected.

Red Hat AI Inference Server 3.3:

Version 1778274666 and below * is unaffected.

Red Hat AI Inference Server 3.3:

Version 1778244546 and below * is unaffected.

Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 9:

Exploit Probability

EPSS

0.13%

Percentile

32.40%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

HeapBased Buffer Overflow in gdkpixbuf JPEG Loader Causing DoSCVE-2026-5201 Published on March 31, 2026

Vulnerability Analysis

Timeline

Weakness Type

Heap-based Buffer Overflow

Products Associated with CVE-2026-5201

Affected Versions

Exploit Probability

HeapBased Buffer Overflow in gdkpixbuf JPEG Loader Causing DoS
CVE-2026-5201 Published on March 31, 2026