FKIE_CVE-2026-2271
Vulnerability from fkie_nvd - Published: 2026-03-26 21:17 - Updated: 2026-03-30 13:26
Severity
Summary
A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GIMP\u0027s PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el analizador de archivos PSP (Paint Shop Pro) de GIMP. Un atacante remoto podr\u00eda explotar una vulnerabilidad de desbordamiento de entero en la funci\u00f3n read_creator_block() al proporcionar un archivo de imagen PSP especialmente dise\u00f1ado. Esta vulnerabilidad ocurre cuando un valor de longitud de 32 bits del archivo se utiliza para la asignaci\u00f3n de memoria sin una validaci\u00f3n adecuada, lo que lleva a un desbordamiento de mont\u00edculo y una escritura fuera de l\u00edmites. La explotaci\u00f3n exitosa podr\u00eda resultar en una denegaci\u00f3n de servicio a nivel de aplicaci\u00f3n."
}
],
"id": "CVE-2026-2271",
"lastModified": "2026-03-30T13:26:50.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2026-03-26T21:17:04.713",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2026-2271"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438429"
},
{
"source": "secalert@redhat.com",
"url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15732"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.