5.5

CVE-2026-40916: GIMP crashes when opening a malicious image file

CVE-2026-40916
Summary

A stack buffer overflow in the 4BPP decoding path of GIMP's TIM image loader causes the program to crash when it opens a specially crafted TIM image file. The impact is a denial of service: GIMP stops working when it opens such a file. To stay safe, keep GIMP up to date with the latest security patches.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | CPE |
|--------|---------|-------------------|-----|
| gimp | gimp | All versions | cpe:2.3:a:gimp:gimp:-:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 6.0, 7.0, 8.0, 9.0 | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |

Original title
A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted T...
Original description
A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable-length array.
NVD CVSS 3.1 score: 5.0
Vulnerability type
CWE-787 Out-of-bounds Write
Published: 15 Apr 2026 · Updated: 15 Jun 2026 · First seen: 15 Apr 2026