Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image

Description

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

Affected Products

Vendor	Product	Versions
gdk	—	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	gdk-pixbuf	cert_advisory	90%

References

https://access.redhat.com/security/cve/CVE-2026-5201(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2453291(issue-tracking, x_refsource_REDHAT)
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304

Related News (2 articles)

Tier B

BSI Advisories4h ago

[NEU] [mittel] gdk-pixbuf: Schwachstelle ermöglicht Denial of Service und potenzielle Codeausführung

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-5201 | gdk-pixbuf JPEG Image Loader heap-based overflow

→ No new info (linked only)

CVSS 3.17.5 HIGH

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-122

PublishedMar 31, 2026

Last enriched4h agov2

Trending Score67

Source articles2

Independent2

Info Completeness8/14

Missing: versions, epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image

Description

Affected Products

Also Affects

References

Related News (2 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline

Version History