CVE-2026-5201
Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image
CVSS Score
7.5
EPSS Score
0.7%
EPSS Percentile
73th
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
| CWE | CWE-122 |
| Vendor | red hat |
| Product | red hat enterprise linux 10 |
| Published | Mar 31, 2026 |
| Last Updated | May 21, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat enterprise linux 10
Be the first to know when new high vulnerabilities affecting red hat red hat enterprise linux 10 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10.0 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 9.6 Extended Update Support
All versions affected Red Hat / Red Hat AI Inference Server 3.2
All versions affected Red Hat / Red Hat AI Inference Server 3.2
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat AI Inference Server 3.3
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 6
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10707 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10708 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10741 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11325 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11326 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11327 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11328 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:11806 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12060 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12061 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12062 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12114 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12115 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16008 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16009 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16030 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16174 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19127 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19210 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19724 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19725 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-5201 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2453291 gitlab.gnome.org: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304 lists.debian.org: https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html
Credits
Red Hat would like to thank Kağan Çapar for reporting this issue.