Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
GIMP Can Execute Malicious Code When Opening Certain Files
CVE-2026-2047
Summary
If you use GIMP, a hacker can potentially take control of your computer by tricking you into opening a malicious file. You can protect yourself by avoiding opening unknown files from untrusted sources. Consider updating to the latest version of GIMP to fix this security issue.
Original title
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User i...
Original description
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.
The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.
osv CVSS3.1
7.8
Published: 20 Feb 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026