CVE-2026-5201
7.5 HIGH · A flaw was found in the gdk-pixbuf library
Published: 2026-03-31 · Last updated: 2026-06-10
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-122
Affected products
| Vendor | Product |
|---|---|
| gnome | enterprise_linux, enterprise_linux_server_aus, enterprise_linux_server_tus |
| redhat | enterprise_linux, enterprise_linux_server_aus, enterprise_linux_server_tus |
Description
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-5201
- [Other] https://access.redhat.com/errata/RHSA-2026:10707
- [Other] https://access.redhat.com/errata/RHSA-2026:10708
- [Other] https://access.redhat.com/errata/RHSA-2026:10741
- [Other] https://access.redhat.com/errata/RHSA-2026:11325
- [Other] https://access.redhat.com/errata/RHSA-2026:11326
- [Other] https://access.redhat.com/errata/RHSA-2026:11327
- [Other] https://access.redhat.com/errata/RHSA-2026:11328
- [Other] https://access.redhat.com/errata/RHSA-2026:11806
- [Other] https://access.redhat.com/errata/RHSA-2026:12060
- [Other] https://access.redhat.com/errata/RHSA-2026:12061
- [Other] https://access.redhat.com/errata/RHSA-2026:12062
- [Other] https://access.redhat.com/errata/RHSA-2026:12114
- [Other] https://access.redhat.com/errata/RHSA-2026:12115
- [Other] https://access.redhat.com/errata/RHSA-2026:16008
- [Other] https://access.redhat.com/errata/RHSA-2026:16009
- [Other] https://access.redhat.com/errata/RHSA-2026:16030
- [Other] https://access.redhat.com/errata/RHSA-2026:16174
- [Other] https://access.redhat.com/errata/RHSA-2026:19127
- [Other] https://access.redhat.com/errata/RHSA-2026:19210
- [Other] https://access.redhat.com/errata/RHSA-2026:19724
- [Other] https://access.redhat.com/errata/RHSA-2026:19725
- [Other] https://access.redhat.com/errata/RHSA-2026:25096
- [Other] https://access.redhat.com/security/cve/CVE-2026-5201
- [Other] https://bugzilla.redhat.com/show_bug.cgi?id=2453291
- [Vendor advisory] https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304
- [Other] https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html