A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service.
PUBLISHED5.2CWE-190
Gimp: gimp: denial of service via crafted psp image file
Problem type
Affected products
Red Hat
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
References
access.redhat.com
https://access.redhat.com/security/cve/CVE-2026-2271
RHBZ#2438429
https://bugzilla.redhat.com/show_bug.cgi?id=2438429
GitHub Security Advisories
GHSA-688g-4qr3-6q47
A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an...
https://github.com/advisories/GHSA-688g-4qr3-6q47A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-2271
access.redhat.com
https://access.redhat.com/security/cve/CVE-2026-2271
bugzilla.redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2438429
gitlab.gnome.org
https://gitlab.gnome.org/GNOME/gimp/-/issues/15732
github.com
https://github.com/advisories/GHSA-688g-4qr3-6q47
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-2271Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-2271",
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"dateUpdated": "2026-03-26T20:00:09.397Z",
"dateReserved": "2026-02-10T09:32:16.763Z",
"datePublished": "2026-03-26T20:00:09.397Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat",
"dateUpdated": "2026-03-26T20:00:09.397Z"
},
"datePublic": "2026-02-10T09:09:00.000Z",
"title": "Gimp: gimp: denial of service via crafted psp image file",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service."
}
],
"affected": [
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 6",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gimp",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown"
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gimp",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected"
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 8",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gimp:2.8/gimp",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected"
},
{
"vendor": "Red Hat",
"product": "Red Hat Enterprise Linux 9",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "gimp",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Integer Overflow or Wraparound",
"cweId": "CWE-190",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2026-2271",
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438429",
"name": "RHBZ#2438429",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
]
}
],
"metrics": [
{},
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
}
}
],
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"timeline": [
{
"time": "2026-02-10T09:27:30.980Z",
"lang": "en",
"value": "Reported to Red Hat."
},
{
"time": "2026-02-10T09:09:00.000Z",
"lang": "en",
"value": "Made public."
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank wooseokdotkim for reporting this issue."
}
]
}
}
}