HarborGuard Database
HIGH  CVE-2026-2049  CNA: zdi

CVE-2026-2049: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28618.
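As an added illustration of the bug class the advisory describes (an unchecked length copied into a heap buffer while parsing an HDR file), and not GIMP's code or the location of the actual flaw, which the advisory does not specify: a decoder for one Radiance HDR RLE scanline in C, with the length checks that stop a run or literal from writing past the scanline buffer. The three sample scanlines are constructed here, not taken from any real file.

```c
#include <stdint.h>
#include <stddef.h>
/* Decode one Radiance "new-style" RLE scanline (RGBE, 4 bytes per pixel) into
 * out[width * 4]. Returns the number of input bytes consumed, or 0 when the data
 * is malformed: bad marker, width mismatch, truncated input, or a run/literal
 * that would write past the end of the scanline buffer. */
size_t hdr_decode_scanline(const uint8_t *in, size_t in_len, uint8_t *out, size_t width)
{
    /* Marker 0x02 0x02, then the width as a big-endian value below 32768. */
    if (in_len < 4 || in[0] != 2 || in[1] != 2 || (in[2] & 0x80)) return 0;
    size_t enc_width = ((size_t)in[2] << 8) | in[3];
    if (enc_width != width) return 0;   /* width in the data must match the buffer we sized */
    size_t pos = 4;
    for (int ch = 0; ch < 4; ch++) {    /* channels are stored R, G, B, E in turn */
        size_t x = 0;
        while (x < width) {
            if (pos >= in_len) return 0;
            uint8_t c = in[pos++];
            if (c > 128) {              /* run: repeat the next byte (c - 128) times */
                size_t run = c - 128;
                if (run > width - x || pos >= in_len) return 0;  /* the bounds check */
                uint8_t v = in[pos++];
                for (size_t i = 0; i < run; i++) out[(x + i) * 4 + ch] = v;
                x += run;
            } else {                    /* literal: copy the next c bytes verbatim */
                size_t lit = c;
                if (lit == 0 || lit > width - x || lit > in_len - pos) return 0;
                for (size_t i = 0; i < lit; i++) out[(x + i) * 4 + ch] = in[pos + i];
                pos += lit; x += lit;
            }
        }
    }
    return pos;
}

/* Constructed samples for a 4-pixel scanline (not taken from any real file). */
static const uint8_t GOOD[] = { 2, 2, 0, 4, 0x84, 0x10,            /* R: run of 4 */
    0x04, 1, 2, 3, 4,  0x82, 0x20, 0x82, 0x21,  0x84, 0x80 };      /* G literals, B runs, E run */
static const uint8_t BAD_RUN[] = { 2, 2, 0, 4, 0x85, 0x10 };       /* run of 5 into a width of 4 */
static const uint8_t TRUNC[]   = { 2, 2, 0, 4, 0x04, 1 };          /* literal of 4, 1 byte left */

/* Bytes consumed when decoding a sample into a correctly sized 16-byte buffer. */
size_t consumed(const uint8_t *buf, size_t len) {
    uint8_t px[16]; return hdr_decode_scanline(buf, len, px, 4);
}
/* Green byte of pixel i after decoding GOOD, or -1 if it was rejected. */
int good_green(size_t i) {
    uint8_t px[16];
    if (hdr_decode_scanline(GOOD, sizeof GOOD, px, 4) != sizeof GOOD) return -1;
    return px[i * 4 + 1];
}
```

Without the two bounds checks, BAD_RUN would write one pixel past a 16-byte heap buffer and TRUNC would read past the end of the input.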

Metrics

CVSS v3.0 score: 7.8
Severity: HIGH
Fixed in: no fix version published yet
Affected products: 1


HarborGuard Analysis

Synopsis

A heap-based buffer overflow exists in GIMP's HDR file parser. The flaw is triggered locally when a user opens a maliciously crafted HDR image file, requiring no authentication but needing the user to interact with the file. Successful exploitation gives the attacker full code execution in the context of the running GIMP process, enabling complete compromise of confidentiality, integrity, and availability. No upstream fix has been published yet; HarborGuard tracks this advisory and will make a patched-image rebuild available as soon as a fix version is released.

HarborGuard Coverage

Detection (Available)

Detection of CVE-2026-2049 is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including the ZDI advisory, within minutes of publication and matched against customer images in registries and CI/CD pipelines. Coverage extends to custom-built images that bundle GIMP 3.2.0-RC1, not just official base images.

Triage (Available)

Triage is available with the CVSS v3.0 score of 7.8 (HIGH) surfaced alongside per-environment compliance policy weighting, so teams can calibrate urgency against their own risk thresholds. Findings are routed to the appropriate inbox within each customer organization based on image ownership and policy configuration.

Patch (Pending upstream)

Because no fix version has been published, HarborGuard re-checks the upstream advisory on every ingest cycle; a patched-image rebuild will become available automatically the moment an upstream fix is released. In the meantime, HarborGuard can surface compensating-control recommendations such as network-policy isolation for workloads that process untrusted HDR files and feature-flag or entrypoint restrictions to limit GIMP's file-format handlers in container environments.

Exploit Conditions

  • Network reachability: Not required

    The attacker does not need direct network access to the host; they need an existing shell or process on the host, or must deliver a malicious HDR file through another channel such as email or a web download.

  • Authentication: Not required

    No account or credentials on the target system are required; the attacker only needs to get the victim to open a crafted file.

  • Victim interaction: Required

    The target user must actively open a malicious HDR file or visit a page that triggers GIMP to parse one, making social engineering a necessary part of the attack chain.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other environmental variables beyond getting the victim to open the file.

Blast Radius

  • The attacker executes arbitrary code in the context of the GIMP process, gaining the same filesystem and network permissions as the logged-in user.
  • Files accessible to the running user, including documents, credentials, and SSH keys, can be read or exfiltrated.
  • The attacker can write or modify files owned by the current user, including configuration files and scripts that may affect other processes.
  • The GIMP process and any dependent workflows can be crashed or hijacked, disrupting image-processing pipelines or automation that relies on GIMP.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix for CVE-2026-2049 has been published, HarborGuard monitors the ZDI advisory and upstream GIMP release channels on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix version appears. While no patch exists, customers can apply compensating controls through HarborGuard policy: network-policy isolation can restrict workloads that process user-supplied HDR files, egress filtering can limit what a compromised GIMP process can reach, and entrypoint or seccomp profiles can constrain the file-format handlers available inside GIMP containers. For customers with auto-remediation enabled, once an upstream fix is published, a rebuilt image, regression-test run, and a PR opened against affected workloads will be triggered automatically. Customers without auto-remediation will receive an alert with the patched version details for manual action.

Affected packages
  • GIMP / GIMP: 3.2.0-RC1

CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H