CVE-2026-5201

EUVD-2026-17343
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
gnomegdk-pixbuf
-
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
redhatenterprise_linux_server_tus
8.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gdk-pixbuf
bookworm
vulnerable
bookworm (security)
2.42.10+dfsg-1+deb12u4
fixed
bullseye
vulnerable
bullseye (security)
2.42.2+dfsg-1+deb11u5
fixed
forky
2.44.6+dfsg-2
fixed
sid
2.44.6+dfsg-2
fixed
trixie
vulnerable
trixie (security)
2.42.12+dfsg-4+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gdk-pixbuf
bionic
needs-triage
focal
needs-triage
jammy
Fixed 2.42.8+dfsg-1ubuntu0.5
released
noble
Fixed 2.42.10+dfsg-3ubuntu3.3
released
questing
Fixed 2.42.12+dfsg-5ubuntu0.1
released
resolute
not-affected
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gdk-pixbuf-devel
suse enterprise desktop 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise sap 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise server 12 SP5
2.34.0-19.26.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.11.1
fixed
gdk-pixbuf-lang
suse enterprise desktop 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise sap 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise server 12 SP3
2.34.0-19.26.1
fixed
suse enterprise server 12 SP5
2.34.0-19.26.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.11.1
fixed
gdk-pixbuf-query-loaders
suse enterprise desktop 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise sap 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise server 12 SP3
2.34.0-19.26.1
fixed
suse enterprise server 12 SP5
2.34.0-19.26.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.11.1
fixed
gdk-pixbuf-query-loaders-32bit
suse enterprise desktop 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise sap 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise server 12 SP3
2.34.0-19.26.1
fixed
suse enterprise server 12 SP5
2.34.0-19.26.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.11.1
fixed
gdk-pixbuf-thumbnailer
suse enterprise desktop 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise sap 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.11.1
fixed
libgdk_pixbuf-2_0-0
suse enterprise desktop 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise sap 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise server 12 SP3
2.34.0-19.26.1
fixed
suse enterprise server 12 SP5
2.34.0-19.26.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.11.1
fixed
libgdk_pixbuf-2_0-0-32bit
suse enterprise desktop 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise sap 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise server 12 SP3
2.34.0-19.26.1
fixed
suse enterprise server 12 SP5
2.34.0-19.26.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.11.1
fixed
typelib-1_0-GdkPixbuf-2_0
suse enterprise desktop 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise sap 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise server 12 SP3
2.34.0-19.26.1
fixed
suse enterprise server 12 SP5
2.34.0-19.26.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.11.1
fixed
typelib-1_0-GdkPixdata-2_0
suse enterprise desktop 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise sap 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise sap 15 SP7
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP4
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP5
2.42.12-150400.5.17.1
fixed
suse enterprise server 15 SP6
2.42.12-150600.3.11.1
fixed
suse enterprise server 15 SP7
2.42.12-150600.3.11.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
gdk-pixbuf2
RHEL 8
0:2.36.12-8.el8_10
fixed
RHEL 8.2 AUS
0:2.36.12-7.el8_2
fixed
RHEL 8.4 AUS
0:2.36.12-7.el8_4
fixed
RHEL 8.6 AUS
0:2.36.12-7.el8_6
fixed
RHEL 8.6 E4S
0:2.36.12-7.el8_6
fixed
RHEL 8.6 TUS
0:2.36.12-7.el8_6
fixed
RHEL 8.8 E4S
0:2.36.12-7.el8_8
fixed
RHEL 8.8 TUS
0:2.36.12-7.el8_8
fixed
RHEL 9
0:2.42.6-6.el9_7.1
fixed
gdk-pixbuf2-devel
RHEL 8
0:2.36.12-8.el8_10
fixed
RHEL 8.2 AUS
0:2.36.12-7.el8_2
fixed
RHEL 8.4 AUS
0:2.36.12-7.el8_4
fixed
RHEL 8.6 AUS
0:2.36.12-7.el8_6
fixed
RHEL 8.6 E4S
0:2.36.12-7.el8_6
fixed
RHEL 8.6 TUS
0:2.36.12-7.el8_6
fixed
RHEL 8.8 E4S
0:2.36.12-7.el8_8
fixed
RHEL 8.8 TUS
0:2.36.12-7.el8_8
fixed
RHEL 9
0:2.42.6-6.el9_7.1
fixed
gdk-pixbuf2-modules
RHEL 8
0:2.36.12-8.el8_10
fixed
RHEL 8.2 AUS
0:2.36.12-7.el8_2
fixed
RHEL 8.4 AUS
0:2.36.12-7.el8_4
fixed
RHEL 8.6 AUS
0:2.36.12-7.el8_6
fixed
RHEL 8.6 E4S
0:2.36.12-7.el8_6
fixed
RHEL 8.6 TUS
0:2.36.12-7.el8_6
fixed
RHEL 8.8 E4S
0:2.36.12-7.el8_8
fixed
RHEL 8.8 TUS
0:2.36.12-7.el8_8
fixed
RHEL 9
0:2.42.6-6.el9_7.1
fixed
gdk-pixbuf2-xlib
RHEL 8
0:2.36.12-8.el8_10
fixed
gdk-pixbuf2-xlib-devel
RHEL 8
0:2.36.12-8.el8_10
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2026:10707
https://access.redhat.com/errata/RHSA-2026:10708
https://access.redhat.com/errata/RHSA-2026:10741
https://access.redhat.com/errata/RHSA-2026:11325
https://access.redhat.com/errata/RHSA-2026:11326
https://access.redhat.com/errata/RHSA-2026:11327
https://access.redhat.com/errata/RHSA-2026:11328
https://access.redhat.com/errata/RHSA-2026:11806
https://access.redhat.com/errata/RHSA-2026:12060
https://access.redhat.com/errata/RHSA-2026:12061
https://access.redhat.com/errata/RHSA-2026:12062
https://access.redhat.com/errata/RHSA-2026:12114
https://access.redhat.com/errata/RHSA-2026:12115
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/security/cve/CVE-2026-5201
https://bugzilla.redhat.com/show_bug.cgi?id=2453291
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304
https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html