Vulnerability DatabaseCVE-2026-2272

CVE-2026-2272:
Linux Debian vulnerability analysis and mitigation

A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the ico_read_info and ico_read_icon functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized image headers to bypass security checks. A remote attacker could exploit this by providing a specially crafted ICO file, leading to a buffer overflow and memory corruption, which may result in an application level denial of service.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

4.3

Score

Published March 26, 2026

Severity MEDIUM

CNA Score 4.3

Affected Technologies

Linux Debian
Linux Red Hat

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 18.3

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

gimp:2.8::pygobject2-doc
gimp-devel

Sources

NVD
Debian Security Tracker
- Debian 11, 12, 13, 14 Severity MEDIUMHas FixAdded at: Feb 11, 2026
Echo
- Echo Severity MEDIUMHas FixAdded at: Feb 12, 2026
Red Hat Errata
- Red Hat 6, 7, 8, 9 Severity MEDIUMNo FixAdded at: Feb 11, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-33986	HIGH	7.5	Wolfi	freerdp-devel	No	Yes	Mar 30, 2026
CVE-2026-33987	HIGH	7.1	Wolfi	freerdp2	No	Yes	Mar 30, 2026
CVE-2026-33995	MEDIUM	5.3	Wolfi	libwinpr	No	Yes	Mar 30, 2026
CVE-2026-34881	MEDIUM	5	Linux Debian	glance	No	Yes	Mar 31, 2026
CVE-2026-33691	N/A	N/A	Linux Debian	modsecurity-crs	No	No	Mar 31, 2026