{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4151", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2026-03-13T20:32:33.728Z", "datePublished": "2026-04-11T00:15:45.368Z", "dateUpdated": "2026-04-14T03:55:50.232Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-04-11T00:15:45.368Z"}, "title": "GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813."}], "affected": [{"vendor": "GIMP", "product": "GIMP", "versions": [{"version": "3.0.8", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-218/", "name": "ZDI-26-218", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-03-13T20:32:33.759Z", "datePublic": "2026-03-19T20:51:31.341Z", "source": {"lang": "en", "value": "Anonymous"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-4151"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T03:55:50.232Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4151", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T17:24:45.722958Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T17:24:50.762Z"}}], "cna": {"title": "GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "Anonymous"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "GIMP", "product": "GIMP", "versions": [{"status": "affected", "version": "3.0.8"}], "defaultStatus": "unknown"}], "datePublic": "2026-03-19T20:51:31.341Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-218/", "name": "ZDI-26-218", "tags": ["x_research-advisory"]}, {"url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e", "name": "vendor-provided URL", "tags": ["vendor-advisory"]}], "dateAssigned": "2026-03-13T20:32:33.759Z", "descriptions": [{"lang": "en", "value": "GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2026-04-11T00:15:45.368Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4151", "state": "PUBLISHED", "dateUpdated": "2026-04-14T03:55:50.232Z", "dateReserved": "2026-03-13T20:32:33.728Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2026-04-11T00:15:45.368Z", "assignerShortName": "zdi"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gimp:gimp:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0866C0EF-59AE-4AB9-8D0F-7C75CD20F77E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813."}], "id": "CVE-2026-4151", "lastModified": "2026-04-14T19:32:53.477", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2026-04-11T01:16:16.697", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Patch"], "url": "https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-26-218/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{"bugzilla": {"description": "gimp: GIMP: Remote Code Execution via ANI File Parsing Integer Overflow", "id": "2457532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457532"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI (Animated Cursor) file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of user-supplied data before memory allocation. Successful exploitation could allow an attacker to execute arbitrary code on the affected system with the privileges of the current user."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, users should exercise caution and avoid opening untrusted ANI (Animated Cursor) files or visiting untrusted web pages. This vulnerability relies on user interaction to trigger the flaw, therefore, refraining from interacting with untrusted content will prevent exploitation."}, "name": "CVE-2026-4151", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "gimp:2.8/gimp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gimp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-11T00:15:45Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4151\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4151\nhttps://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e\nhttps://www.zerodayinitiative.com/advisories/ZDI-26-218/"], "statement": "Important: This flaw in GIMP allows for remote code execution due to an integer overflow when parsing specially crafted ANI (Animated Cursor) files. Exploitation requires user interaction, specifically opening a malicious ANI file or visiting a malicious web page. Red Hat users are affected if they process untrusted ANI files with GIMP.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.0.8"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "GIMP", "source": "cna", "vendor": "GIMP"}, "product": "gimp", "vendor": "gimp"}], "analysis": {"en": {"generated_at": "2026-04-14T21:53:11.135501+00:00", "value": {"mitigation_remediation": ["Update GIMP to the latest patched release available from the vendor", "Avoid opening or importing unfamiliar ANI files until a patch is applied", "Run GIMP in a sandbox or isolated environment to limit damage from a potential compromise", "Monitor vendor advisories for new patches or workarounds"], "summary": {"action": "Update GIMP", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The flaw affects the GIMP image editor, specifically version\u00a03.0.8, as identified by the CPE entry. No other vendors or product lines were listed as impacted in the CVE record.", "description_and_impact": "GIMP misparses ANI animation files, causing an integer overflow that permits an attacker to overflow a buffer and execute malicious code in the GIMP process. The weakness is a classic integer overflow (CWE\u2011190) that allows an adversary to take complete control of the application. The vulnerability requires the victim to run a specially crafted ANI file, either by opening it directly or by visiting a page that loads the file for parsing during GIMP\u2019s image import process.", "risk_and_exploitability": "The CVSS score of 7.8 indicates high severity, yet the EPSS score of less than 1\u202f% suggests that active exploitation is unlikely at present. The vulnerability is not present in CISA\u2019s Known Exploited Vulnerabilities catalog, and no public exploits have been documented. To exploit the flaw, an attacker must convince a user to open a malicious ANI file or to load the file via a web page, indicating that the attack vector is user\u2011initiated. Consequently, the overall risk is moderate, escalating in environments that routinely accept untrusted media or external files."}}}}, "created": "2026-04-13T12:42:15.143335+00:00", "updated": "2026-04-15T15:45:07.549810+00:00", "vendors": ["gimp", "gimp$PRODUCT$gimp"]}