CVE-2026-2271

A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2026-2271
https://bugzilla.redhat.com/show_bug.cgi?id=2438429
https://gitlab.gnome.org/GNOME/gimp/-/issues/15732

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-26 21:17

Updated : 2026-03-30 13:26

NVD link : CVE-2026-2271

Mitre link : CVE-2026-2271

CVE.ORG link : CVE-2026-2271

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2026-2271", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2026-03-26T21:17:04.713", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-2271", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438429", "source": "secalert@redhat.com"}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15732", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en el analizador de archivos PSP (Paint Shop Pro) de GIMP. Un atacante remoto podr\u00eda explotar una vulnerabilidad de desbordamiento de entero en la funci\u00f3n read_creator_block() al proporcionar un archivo de imagen PSP especialmente dise\u00f1ado. Esta vulnerabilidad ocurre cuando un valor de longitud de 32 bits del archivo se utiliza para la asignaci\u00f3n de memoria sin una validaci\u00f3n adecuada, lo que lleva a un desbordamiento de mont\u00edculo y una escritura fuera de l\u00edmites. La explotaci\u00f3n exitosa podr\u00eda resultar en una denegaci\u00f3n de servicio a nivel de aplicaci\u00f3n."}], "lastModified": "2026-03-30T13:26:50.827", "sourceIdentifier": "secalert@redhat.com"}