{"id":"CVE-2026-2272","summary":"Gimp: gimp: memory corruption due to integer overflow in ico file handling","details":"A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.","modified":"2026-07-08T07:43:46.271334524Z","published":"2026-03-26T20:00:10.110Z","related":["SUSE-SU-2026:0604-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2272.json","cwe_ids":["CWE-190"],"cna_assigner":"redhat"},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-2272"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2272.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2272"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438428"},{"type":"REPORT","url":"https://gitlab.gnome.org/GNOME/gimp/-/issues/15617"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/gimp","events":[{"introduced":"a77e8fd05d3d08a58650531a3700100f6a3216b7"},{"last_affected":"a77e8fd05d3d08a58650531a3700100f6a3216b7"}],"database_specific":{"extracted_events":[{"introduced":"3.0.6"},{"last_affected":"3.0.6"}],"cpe":"cpe:2.3:a:gimp:gimp:3.0.6:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["3.0.6","GIMP_3_0_6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2272.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/gnome/gimp","events":[{"introduced":"a77e8fd05d3d08a58650531a3700100f6a3216b7"},{"last_affected":"a77e8fd05d3d08a58650531a3700100f6a3216b7"}],"database_specific":{"extracted_events":[{"introduced":"3.0.6"},{"last_affected":"3.0.6"}],"cpe":"cpe:2.3:a:gimp:gimp:3.0.6:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["3.0.6","GIMP_3_0_6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2272.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}]}