CVE-2026-5201 Detail
Modified After Enrichment
This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.
Description
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Metrics
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0 Severity and Vector Strings:
NVD assessment not yet provided.
References to Advisories, Solutions, and Tools
URL | Source(s) | Tag(s)
https://access.redhat.com/errata/RHSA-2026:10707 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:10708 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:10741 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11325 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11326 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11327 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11328 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11806 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12060 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12061 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12062 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12114 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12115 | Red Hat, Inc. | Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:16008 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2026:16009 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2026:16030 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2026:16174 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2026:19127 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2026:19210 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2026:19724 | Red Hat, Inc. |
https://access.redhat.com/errata/RHSA-2026:19725 | Red Hat, Inc. |
https://access.redhat.com/security/cve/CVE-2026-5201 | Red Hat, Inc. | Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2453291 | Red Hat, Inc. | Issue Tracking, Third Party Advisory
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304 | Red Hat, Inc. | Issue Tracking, Vendor Advisory
https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html | CVE | Mailing List, Third Party Advisory
Weakness Enumeration
CWE-ID | CWE Name | Source
CWE-122 | Heap-based Buffer Overflow | Red Hat, Inc.
Change History
16 change records found
CVE Modified by Red Hat, Inc. 5/21/2026 12:16:31 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:19724
CVE Modified by Red Hat, Inc. 5/20/2026 1:16:28 PM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:19725
CVE Modified by Red Hat, Inc. 5/19/2026 6:16:39 PM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:19127
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:19210
CVE Modified by Red Hat, Inc. 5/14/2026 7:16:37 PM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:16008
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:16009
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:16030
CVE Modified by Red Hat, Inc. 5/12/2026 6:16:47 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:16174
Initial Analysis by NIST 5/01/2026 3:14:40 PM
Action | Type | Old Value | New Value
Added | CPE Configuration | | OR
  *cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  *cpe:2.3:a:gnome:gdk-pixbuf:-:*:*:*:*:*:*:*
  *cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  *cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  *cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  *cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  *cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
  *cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
Added | Reference Type | | CVE: https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html Types: Mailing List, Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:10707 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:10708 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:10741 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:11325 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:11326 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:11327 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:11328 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:11806 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:12060 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:12061 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:12062 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:12114 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/errata/RHSA-2026:12115 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://access.redhat.com/security/cve/CVE-2026-5201 Types: Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://bugzilla.redhat.com/show_bug.cgi?id=2453291 Types: Issue Tracking, Third Party Advisory
Added | Reference Type | | Red Hat, Inc.: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304 Types: Issue Tracking, Vendor Advisory
CVE Modified by Red Hat, Inc. 4/30/2026 9:16:04 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:12062
CVE Modified by Red Hat, Inc. 4/30/2026 4:16:07 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:12114
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:12115
CVE Modified by Red Hat, Inc. 4/30/2026 2:16:16 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:12060
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:12061
CVE Modified by Red Hat, Inc. 4/29/2026 6:16:21 PM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:11806
CVE Modified by Red Hat, Inc. 4/28/2026 5:16:17 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:11327
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:11328
CVE Modified by Red Hat, Inc. 4/28/2026 4:16:02 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:11325
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:11326
CVE Modified by Red Hat, Inc. 4/27/2026 6:16:09 AM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:10707
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:10741
CVE Modified by Red Hat, Inc. 4/26/2026 11:15:59 PM
Action | Type | Old Value | New Value
Added | Reference | | https://access.redhat.com/errata/RHSA-2026:10708
CVE Modified by CVE 4/14/2026 8:16:21 AM
Action | Type | Old Value | New Value
Added | Reference | | https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html
New CVE Received from Red Hat, Inc. 3/31/2026 5:16:23 AM
Action | Type | Old Value | New Value
Added | Description | | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added | CWE | | CWE-122
Added | Reference | | https://access.redhat.com/security/cve/CVE-2026-5201
Added | Reference | | https://bugzilla.redhat.com/show_bug.cgi?id=2453291
Added | Reference | | https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304
Quick Info
CVE Dictionary Entry: CVE-2026-5201
NVD Published Date: 03/31/2026
NVD Last Modified: 05/21/2026
Source: Red Hat, Inc.