Vulnerability Details CVE-2026-40916
A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-length array.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.3%
CVSS Severity
CVSS v3 Score 5.0
References
Products affected by CVE-2026-40916
-
cpe:2.3:a:gimp:gimp:-
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0