A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Gnome
  • Gdk-pixbuf
Redhat
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Tus
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Eus Long Life
  • Rhel Tus

Configuration 1 [-]

OR cpe:2.3:a:gnome:gdk-pixbuf:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*

No data.

References
Link Providers
https://access.redhat.com/errata/RHSA-2026:10707 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:10708 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:10741 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:11325 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:11326 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:11327 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:11328 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:11806 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:12060 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:12061 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:12062 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:12114 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2026:12115 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2026-5201 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2453291 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304 cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-5201 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-5201 cve-icon
History

Fri, 01 May 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server Tus
CPEs cpe:2.3:a:gnome:gdk-pixbuf:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Vendors & Products Redhat enterprise Linux Server Aus
Redhat enterprise Linux Server Tus

Thu, 30 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus Long Life
CPEs cpe:/a:redhat:rhel_aus:8.4::appstream
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products Redhat rhel Eus Long Life
References

Thu, 30 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:enterprise_linux:7 cpe:/a:redhat:rhel_aus:8.6::appstream
cpe:/a:redhat:rhel_e4s:8.6::appstream
cpe:/a:redhat:rhel_tus:8.6::appstream
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products Redhat rhel Els
References

Thu, 30 Apr 2026 05:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_e4s:8.8::appstream
cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/a:redhat:rhel_tus:8.8::appstream
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Tus
References

Wed, 29 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
CPEs cpe:/a:redhat:rhel_aus:8.2::appstream
cpe:/o:redhat:rhel_aus:8.2::baseos
Vendors & Products Redhat rhel Aus
References

Tue, 28 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/a:redhat:rhel_eus:9.6::appstream
Vendors & Products Redhat rhel Eus
References

Tue, 28 Apr 2026 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat enterprise Linux Eus
Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/o:redhat:enterprise_linux_eus:10.0
Vendors & Products Redhat enterprise Linux Eus
Redhat rhel E4s
References

Mon, 27 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:8::crb
cpe:/o:redhat:enterprise_linux:10.1
cpe:/o:redhat:enterprise_linux:8::baseos
References

Mon, 27 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9::appstream
References

Tue, 14 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
References

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Gnome
Gnome gdk-pixbuf
Vendors & Products Gnome
Gnome gdk-pixbuf

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 31 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Title Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-122
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-03-31T08:32:58.344Z

Updated: 2026-04-30T12:44:13.775Z

Reserved: 2026-03-31T07:20:49.961Z

Link: CVE-2026-5201

cve-icon Vulnrichment

Updated: 2026-04-14T11:24:02.757Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T09:16:23.440

Modified: 2026-05-01T19:14:40.077

Link: CVE-2026-5201

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-31T00:00:00Z

Links: CVE-2026-5201 - Bugzilla