HIGH | CVE-2026-5201 | CNA: redhat
CVE-2026-5201: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted JPEG image
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: 0:2.36.12-5.el7_9
- Affected Products: 32
Fix available
Affected packages
- Red Hat / Red Hat Enterprise Linux 10: Fixed in 0:2.42.12-4.el10_1.5
- Red Hat / Red Hat Enterprise Linux 10: Fixed in 0:2.42.12-4.el10_2.5
- Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support: Fixed in 0:2.42.12-4.el10_0.4
- Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support: Fixed in 0:2.36.12-5.el7_9
- Red Hat / Red Hat Enterprise Linux 8: Fixed in 0:2.36.12-8.el8_10
- Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support: Fixed in 0:2.36.12-7.el8_2
- Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support: Fixed in 0:2.36.12-7.el8_4
- Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On: Fixed in 0:2.36.12-7.el8_4
- Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support: Fixed in 0:2.36.12-7.el8_6
- Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service: Fixed in 0:2.36.12-7.el8_6
- Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions: Fixed in 0:2.36.12-7.el8_6
- Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service: Fixed in 0:2.36.12-7.el8_8
- Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions: Fixed in 0:2.36.12-7.el8_8
- Red Hat / Red Hat Enterprise Linux 9: Fixed in 0:2.42.6-6.el9_7.1
- Red Hat / Red Hat Enterprise Linux 9: Fixed in 0:2.42.6-6.el9_8.1
- Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions: Fixed in 0:2.42.6-3.el9_0.1
- Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions: Fixed in 0:2.42.6-4.el9_2.1
- Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support: Fixed in 0:2.42.6-5.el9_4.1
- Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support: Fixed in 0:2.42.6-6.el9_6.1
- Red Hat / Red Hat AI Inference Server 3.2: Fixed in 1779223654
- Red Hat / Red Hat AI Inference Server 3.2: Fixed in 1779223651
- Red Hat / Red Hat AI Inference Server 3.3: Fixed in 1778244559
- Red Hat / Red Hat AI Inference Server 3.3: Fixed in 1778244531
- Red Hat / Red Hat AI Inference Server 3.3: Fixed in 1778274666
- Red Hat / Red Hat AI Inference Server 3.3: Fixed in 1778244546
- Red Hat / Red Hat Enterprise Linux 10
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
- RHSA-2026:10707
- RHSA-2026:10708
- RHSA-2026:10741
- RHSA-2026:11325
- RHSA-2026:11326
- RHSA-2026:11327
- RHSA-2026:11328
- RHSA-2026:11806
- RHSA-2026:12060
- RHSA-2026:12061
- RHSA-2026:12062
- RHSA-2026:12114
- RHSA-2026:12115
- RHSA-2026:16008
- RHSA-2026:16009
- RHSA-2026:16030
- RHSA-2026:16174
- RHSA-2026:19127
- RHSA-2026:19210
- RHSA-2026:19724
- RHSA-2026:19725
- access.redhat.com
- RHBZ#2453291
- gitlab.gnome.org