Vulnerabilities ›

CVE-2026-40915

Medium

CWE-190 — Weakness Type

                    Published: Apr 15, 2026                      ·  Modified: Apr 18, 2026                      ·  Source: NVD                

CVSS v3

5.5

🔗 NVD Official

📄 Description (English)

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.

🤖 AI Executive Summary

CVE-2026-40915 is an integer overflow vulnerability in GIMP's FITS image loader that can be exploited via specially crafted files, leading to heap buffer overflow and potential code execution or denial of service. The flaw affects GIMP versions that process FITS astronomical image files without proper integer validation.

📄 Description (Arabic)

تم اكتشاف ثغرة تجاوز عدد صحيح في محمل صور FITS بتنسيق GIMP تسمح للمهاجمين البعيدين باستغلالها من خلال ملفات FITS مصممة خصيصاً. يؤدي تجاوز العدد الصحيح إلى تخصيص ذاكرة بحجم صفر، مما يسبب تجاوز مخزن مؤقت الكومة عند معالجة بيانات البكسل.

🤖 ملخص تنفيذي (AI)

A vulnerability in GIMP's FITS image loader allows remote attackers to trigger an integer overflow by submitting malicious FITS files, potentially causing denial of service or arbitrary code execution. This affects organizations using GIMP for image processing and astronomical data analysis.

🤖 AI Intelligence Analysis Analyzed: May 26, 2026 01:27

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government healthcare energy

🎯 MITRE ATT&CK Techniques

T1204.002 T1190 T1499.004

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update GIMP to the latest patched version immediately. Implement input validation for FITS file uploads and restrict file processing to trusted sources. Disable FITS image loading if not required for operations. Monitor systems for suspicious FITS file processing activities.

🔧 خطوات المعالجة (العربية)

قم بتحديث GIMP إلى أحدث إصدار مصحح فوراً. طبق التحقق من صحة المدخلات لملفات FITS المرفوعة وقيد معالجة الملفات على المصادر الموثوقة. عطل تحميل صور FITS إذا لم تكن مطلوبة للعمليات. راقب الأنظمة للكشف عن أنشطة معالجة ملفات FITS المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 2

🔗

https://access.redhat.com/security/cve/CVE-2026-40915

secalert@redhat.com

🔗

https://bugzilla.redhat.com/show_bug.cgi?id=2458744

secalert@redhat.com

📊 CVSS Score

5.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score5.5

CWECWE-190

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-04-15

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-190

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-40915

Introduce Yourself

Sign In Required