PT-2026-20859 · Gimp+2

Source: ZDI · Published: 2025-12-31 · Updated: 2026-04-24 · CVE-2026-2048

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GIMP (affected versions not specified)

Description: A flaw exists in GIMP's parsing of XWD files, leading to a potential out-of-bounds write. This can allow a remote attacker to execute arbitrary code on systems running affected versions of GIMP. User interaction is required, as the target must open a malicious file or visit a malicious page. The issue stems from insufficient validation of user-supplied data, which can lead to writing beyond the bounds of an allocated buffer. An attacker could exploit this to execute code within the current process.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE · Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2026:4173
ALSA-2026:5113
BDU:2026-06702
CVE-2026-2048
OESA-2026-1714
RHSA-2026:4173
RHSA-2026:5113
RHSA-2026:5388
RHSA-2026:5389
RHSA-2026:5390
RHSA-2026:5391
RHSA-2026:5434
RHSA-2026:5435
RHSA-2026:5436
RHSA-2026:5437
SUSE-SU-2026:0684-1
ZDI-26-121

Affected Products

Gimp
Red Os
Rocky Linux