{"id":"USN-8156-2","summary":"gdk-pixbuf vulnerability","details":"USN-8156-1 fixed a vulnerability in GDK-PixBuf. This update provides the\ncorresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu\n20.04 LTS.\n\nOriginal advisory details:\n\n It was discovered that GDK-PixBuf incorrectly handled certain JPEG  files.\n An attacker could use this issue to cause GDK-PixBuf to  crash, resulting\n in a denial of service, or possibly execute  arbitrary code.","modified":"2026-06-10T01:29:29.423011680Z","published":"2026-06-09T16:27:37Z","related":["UBUNTU-CVE-2026-5201"],"upstream":["CVE-2026-5201","UBUNTU-CVE-2026-5201"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8156-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-5201"}],"affected":[{"package":{"name":"gdk-pixbuf","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/gdk-pixbuf?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.32.2-1ubuntu1.6+esm3"}]}],"versions":["2.32.1-1","2.32.2-1","2.32.2-1ubuntu1","2.32.2-1ubuntu1.2","2.32.2-1ubuntu1.3","2.32.2-1ubuntu1.4","2.32.2-1ubuntu1.5","2.32.2-1ubuntu1.6","2.32.2-1ubuntu1.6+esm1","2.32.2-1ubuntu1.6+esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"gir1.2-gdkpixbuf-2.0","binary_version":"2.32.2-1ubuntu1.6+esm3"},{"binary_name":"libgdk-pixbuf2.0-0","binary_version":"2.32.2-1ubuntu1.6+esm3"},{"binary_name":"libgdk-pixbuf2.0-common","binary_version":"2.32.2-1ubuntu1.6+esm3"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-5201"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8156-2.json"}},{"package":{"name":"gdk-pixbuf","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/gdk-pixbuf?arch=source&distro=esm-infra%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.36.11-2ubuntu0.1~esm3"}]}],"versions":["2.36.11-1","2.36.11-1ubuntu0.1","2.36.11-2","2.36.11-2ubuntu0.1~esm1","2.36.11-2ubuntu0.1~esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"gir1.2-gdkpixbuf-2.0","binary_version":"2.36.11-2ubuntu0.1~esm3"},{"binary_name":"libgdk-pixbuf2.0-0","binary_version":"2.36.11-2ubuntu0.1~esm3"},{"binary_name":"libgdk-pixbuf2.0-bin","binary_version":"2.36.11-2ubuntu0.1~esm3"},{"binary_name":"libgdk-pixbuf2.0-common","binary_version":"2.36.11-2ubuntu0.1~esm3"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-5201"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8156-2.json"}},{"package":{"name":"gdk-pixbuf","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/gdk-pixbuf?arch=source&distro=esm-infra%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.40.0+dfsg-3ubuntu0.5+esm3"}]}],"versions":["2.40.0+dfsg-1build1","2.40.0+dfsg-1ubuntu1","2.40.0+dfsg-2","2.40.0+dfsg-3","2.40.0+dfsg-3ubuntu0.1","2.40.0+dfsg-3ubuntu0.2","2.40.0+dfsg-3ubuntu0.3","2.40.0+dfsg-3ubuntu0.4","2.40.0+dfsg-3ubuntu0.5","2.40.0+dfsg-3ubuntu0.5+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"gir1.2-gdkpixbuf-2.0","binary_version":"2.40.0+dfsg-3ubuntu0.5+esm3"},{"binary_name":"libgdk-pixbuf2.0-0","binary_version":"2.40.0+dfsg-3ubuntu0.5+esm3"},{"binary_name":"libgdk-pixbuf2.0-bin","binary_version":"2.40.0+dfsg-3ubuntu0.5+esm3"},{"binary_name":"libgdk-pixbuf2.0-common","binary_version":"2.40.0+dfsg-3ubuntu0.5+esm3"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-5201"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8156-2.json"}}],"schema_version":"1.7.5"}