CVE-2026-40917

🗓️ 15 Apr 2026 18:59:09Reported by redhatType

A heap overread in icns_slurp during ICNS file processing can crash the image editor and disclose data.

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2026-40917	15 Apr 202618:59	–	attackerkb
CNNVD	GIMP 安全漏洞	15 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-40917 Gimp: gimp: application crashes or information disclosure via crafted icns image files	15 Apr 202618:59	–	cvelist
Debian CVE	CVE-2026-40917	15 Apr 202618:59	–	debiancve
EUVD	EUVD-2026-23024	15 Apr 202621:30	–	euvd
NVD	CVE-2026-40917	15 Apr 202620:16	–	nvd
OSV	DEBIAN-CVE-2026-40917	15 Apr 202620:16	–	osv
OSV	OESA-2026-2000 gimp security update	25 Apr 202605:47	–	osv
OSV	OESA-2026-2001 gimp security update	25 Apr 202605:47	–	osv
OSV	OESA-2026-2002 gimp security update	25 Apr 202605:47	–	osv

NVD

Node

gimp gimpMatch-

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gimp",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gimp",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gimp:2.8/gimp",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gimp",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2026-40917
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

28 Apr 2026 18:45Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.15 - 7.1

EPSS0.00012

SSVC

CWE-125