PT-2026-58168 · Microsoft · Gdi+

Published

2026-07-14

·

Updated

2026-07-15

·

CVE-2026-49796

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Windows GDI+ (affected versions not specified)
Description A heap-based buffer overflow exists in Windows GDI+, which allows an unauthorized attacker to execute code locally. This issue can lead to remote code execution (RCE) on PCs and servers when viewing specific content.
Recommendations Install the update released on July 14.

Fix

RCE

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-49796

Affected Products

Gdi+