GHSA-9pr2-m366-8728
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
- Mar 31, 2026 CVE Published
- Apr 10, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
- May 7, 2026 Distribution Patch (9 entries)
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-5201 (advisory)
- https://access.redhat.com/security/cve/CVE-2026-5201
- https://bugzilla.redhat.com/show_bug.cgi?id=2453291
- https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304
- https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html
- https://access.redhat.com/errata/RHSA-2026:12115
- https://access.redhat.com/errata/RHSA-2026:12114
- https://access.redhat.com/errata/RHSA-2026:12062
- https://access.redhat.com/errata/RHSA-2026:12061
- https://access.redhat.com/errata/RHSA-2026:12060
- https://access.redhat.com/errata/RHSA-2026:11806
- https://access.redhat.com/errata/RHSA-2026:11328
- https://access.redhat.com/errata/RHSA-2026:11327
- https://access.redhat.com/errata/RHSA-2026:11326
- https://access.redhat.com/errata/RHSA-2026:11325
- https://access.redhat.com/errata/RHSA-2026:10741
- https://access.redhat.com/errata/RHSA-2026:10708
- https://access.redhat.com/errata/RHSA-2026:10707