Vulnerability-Lookup

RHSA-2026:11806

Vulnerability from csaf_redhat - Published: 2026-04-29 15:46 - Updated: 2026-04-30 16:32

Summary

Red Hat Security Advisory: gdk-pixbuf2 security update

Severity

Important

Notes

Topic: An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): * gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (CVE-2026-5201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-5201

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-122 - Heap-based Buffer Overflow

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2026:11806

Workaround To reduce the risk of exploitation, avoid opening or processing untrusted JPEG image files. This operational control helps prevent the automatic triggering of the vulnerability, for example, during thumbnail generation, which could otherwise lead to application instability.

References

URL

Category

	https://access.redhat.com/errata/RHSA-2026:11806	self
	https://access.redhat.com/security/updates/classi…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2453291	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2026-5201	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2453291	external
	https://www.cve.org/CVERecord?id=CVE-2026-5201	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-5201	external
	https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304	external

Acknowledgments

Kağan Çapar

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter.\n\nSecurity Fix(es):\n\n* gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (CVE-2026-5201)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:11806",
        "url": "https://access.redhat.com/errata/RHSA-2026:11806"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2453291",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453291"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11806.json"
      }
    ],
    "title": "Red Hat Security Advisory: gdk-pixbuf2 security update",
    "tracking": {
      "current_release_date": "2026-04-30T16:32:38+00:00",
      "generator": {
        "date": "2026-04-30T16:32:38+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2026:11806",
      "initial_release_date": "2026-04-29T15:46:10+00:00",
      "revision_history": [
        {
          "date": "2026-04-29T15:46:10+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-29T15:46:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T16:32:38+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
                  "product_id": "AppStream-8.2.0.Z.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
                  "product_id": "BaseOS-8.2.0.Z.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
                "product": {
                  "name": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
                  "product_id": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-devel@2.36.12-7.el8_2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
                "product": {
                  "name": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
                  "product_id": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-modules@2.36.12-7.el8_2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
                "product": {
                  "name": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
                  "product_id": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-debugsource@2.36.12-7.el8_2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
                "product": {
                  "name": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_id": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-debuginfo@2.36.12-7.el8_2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
                "product": {
                  "name": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_id": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-devel-debuginfo@2.36.12-7.el8_2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
                "product": {
                  "name": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_id": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-modules-debuginfo@2.36.12-7.el8_2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
                "product": {
                  "name": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_id": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-tests-debuginfo@2.36.12-7.el8_2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
                "product": {
                  "name": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_id": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-xlib-debuginfo@2.36.12-7.el8_2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
                "product": {
                  "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
                  "product_id": "gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2@2.36.12-7.el8_2?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
                "product": {
                  "name": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
                  "product_id": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-devel@2.36.12-7.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
                "product": {
                  "name": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
                  "product_id": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-modules@2.36.12-7.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
                "product": {
                  "name": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
                  "product_id": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-debugsource@2.36.12-7.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
                "product": {
                  "name": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_id": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-debuginfo@2.36.12-7.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
                "product": {
                  "name": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_id": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-devel-debuginfo@2.36.12-7.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
                "product": {
                  "name": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_id": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-modules-debuginfo@2.36.12-7.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
                "product": {
                  "name": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_id": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-tests-debuginfo@2.36.12-7.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64",
                "product": {
                  "name": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_id": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2-xlib-debuginfo@2.36.12-7.el8_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
                "product": {
                  "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
                  "product_id": "gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2@2.36.12-7.el8_2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.src",
                "product": {
                  "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.src",
                  "product_id": "gdk-pixbuf2-0:2.36.12-7.el8_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/gdk-pixbuf2@2.36.12-7.el8_2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src"
        },
        "product_reference": "gdk-pixbuf2-0:2.36.12-7.el8_2.src",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "product_id": "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src"
        },
        "product_reference": "gdk-pixbuf2-0:2.36.12-7.el8_2.src",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686"
        },
        "product_reference": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
          "product_id": "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64"
        },
        "product_reference": "gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64",
        "relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Ka\u011fan \u00c7apar"
          ]
        }
      ],
      "cve": "CVE-2026-5201",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2026-03-31T07:17:23.696000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2453291"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "An Important heap-based buffer overflow flaw exists in the `gdk-pixbuf` library\u0027s JPEG image loader. This vulnerability can be triggered automatically without user interaction when processing a specially crafted JPEG image, such as during thumbnail generation. Successful exploitation leads to application crashes and denial-of-service conditions in applications utilizing `gdk-pixbuf` for image handling.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
          "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
          "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-5201"
        },
        {
          "category": "external",
          "summary": "RHBZ#2453291",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453291"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-5201",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5201"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5201",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5201"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304",
          "url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304"
        }
      ],
      "release_date": "2026-03-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-29T15:46:10+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:11806"
        },
        {
          "category": "workaround",
          "details": "To reduce the risk of exploitation, avoid opening or processing untrusted JPEG image files. This operational control helps prevent the automatic triggering of the vulnerability, for example, during thumbnail generation, which could otherwise lead to application instability.",
          "product_ids": [
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
            "AppStream-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.src",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-debugsource-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-devel-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-modules-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-tests-debuginfo-0:2.36.12-7.el8_2.x86_64",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.i686",
            "BaseOS-8.2.0.Z.AUS:gdk-pixbuf2-xlib-debuginfo-0:2.36.12-7.el8_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image"
    }
  ]
}

CVE-2026-5201 (GCVE-0-2026-5201)

Vulnerability from cvelistv5 – Published: 2026-03-31 08:32 – Updated: 2026-04-30 12:44

Title

Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2026:10707	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:10708	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:10741	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:11325	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:11326	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:11327	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:11328	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:11806	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:12060	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:12061	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:12062	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:12114	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:12115	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2026-5201	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2453291	issue-trackingx_refsource_REDHAT
	https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

Unaffected: 0:2.42.12-4.el10_1.5 , < * (rpm)
cpe:/o:redhat:enterprise_linux:10.1

Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	Unaffected: 0:2.42.12-4.el10_0.4 , < * (rpm) cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux 7 Extended Lifecycle Support	Unaffected: 0:2.36.12-5.el7_9 , < * (rpm) cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.36.12-8.el8_10 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 0:2.36.12-8.el8_10 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 0:2.36.12-7.el8_2 , < * (rpm) cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 0:2.36.12-7.el8_4 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	Unaffected: 0:2.36.12-7.el8_4 , < * (rpm) cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	Unaffected: 0:2.36.12-7.el8_6 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Telecommunications Update Service	Unaffected: 0:2.36.12-7.el8_6 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	Unaffected: 0:2.36.12-7.el8_6 , < * (rpm) cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Telecommunications Update Service	Unaffected: 0:2.36.12-7.el8_8 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	Unaffected: 0:2.36.12-7.el8_8 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 0:2.42.6-6.el9_7.1 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	Unaffected: 0:2.42.6-3.el9_0.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	Unaffected: 0:2.42.6-4.el9_2.1 , < * (rpm) cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	Unaffected: 0:2.42.6-5.el9_4.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	Unaffected: 0:2.42.6-6.el9_6.1 , < * (rpm) cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Date Public ?

2026-03-31 00:00

Credits

Red Hat would like to thank Kağan Çapar for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5201",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-31T13:45:53.038226Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-31T13:46:03.040Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-14T11:24:02.757Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.42.12-4.el10_1.5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.42.12-4.el10_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-5.el7_9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream",
            "cpe:/a:redhat:enterprise_linux:8::crb",
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-8.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-7.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-7.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream",
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
            "cpe:/o:redhat:rhel_aus:8.4::baseos",
            "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-7.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-7.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-7.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream",
            "cpe:/a:redhat:rhel_e4s:8.6::appstream",
            "cpe:/a:redhat:rhel_tus:8.6::appstream",
            "cpe:/o:redhat:rhel_aus:8.6::baseos",
            "cpe:/o:redhat:rhel_e4s:8.6::baseos",
            "cpe:/o:redhat:rhel_tus:8.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-7.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-7.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream",
            "cpe:/a:redhat:rhel_tus:8.8::appstream",
            "cpe:/o:redhat:rhel_e4s:8.8::baseos",
            "cpe:/o:redhat:rhel_tus:8.8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.36.12-7.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.42.6-6.el9_7.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.42.6-3.el9_0.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.42.6-4.el9_2.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.42.6-5.el9_4.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.42.6-6.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "glycin-loaders",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "loupe",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "papers",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "snapshot",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "gdk-pixbuf2",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "librsvg2",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Ka\u011fan \u00c7apar for reporting this issue."
        }
      ],
      "datePublic": "2026-03-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T12:44:13.775Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:10707",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:10707"
        },
        {
          "name": "RHSA-2026:10708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:10708"
        },
        {
          "name": "RHSA-2026:10741",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:10741"
        },
        {
          "name": "RHSA-2026:11325",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11325"
        },
        {
          "name": "RHSA-2026:11326",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11326"
        },
        {
          "name": "RHSA-2026:11327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11327"
        },
        {
          "name": "RHSA-2026:11328",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11328"
        },
        {
          "name": "RHSA-2026:11806",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:11806"
        },
        {
          "name": "RHSA-2026:12060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:12060"
        },
        {
          "name": "RHSA-2026:12061",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:12061"
        },
        {
          "name": "RHSA-2026:12062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:12062"
        },
        {
          "name": "RHSA-2026:12114",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:12114"
        },
        {
          "name": "RHSA-2026:12115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:12115"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-5201"
        },
        {
          "name": "RHBZ#2453291",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453291"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-31T07:17:23.696Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-31T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image",
      "workarounds": [
        {
          "lang": "en",
          "value": "To reduce the risk of exploitation, avoid opening or processing untrusted JPEG image files. This operational control helps prevent the automatic triggering of the vulnerability, for example, during thumbnail generation, which could otherwise lead to application instability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-5201",
    "datePublished": "2026-03-31T08:32:58.344Z",
    "dateReserved": "2026-03-31T07:20:49.961Z",
    "dateUpdated": "2026-04-30T12:44:13.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:11806

CVE-2026-5201 (GCVE-0-2026-5201)

Tags

Sightings

Nomenclature