Fluid Attacks Database

Description

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	gdk-pixbuf	=2.42.2+dfsg-1 \|\| =2.42.2+dfsg-1+deb11u1 \|\| =2.42.2+dfsg-1+deb11u2 \|\| =2.42.2+dfsg-1+deb11u3 \|\| =2.42.2+dfsg-1+deb11u4 \|\| >=0 <2.42.2+dfsg-1+deb11u5	2.42.2+dfsg-1+deb11u5
rpm rhel8	gdk-pixbuf2	<0:2.36.12-8.el8_10	0:2.36.12-8.el8_10
rpm rhel10	snapshot	-	-
rpm rhel9	gdk-pixbuf2	<0:2.42.6-6.el9_8.1	0:2.42.6-6.el9_8.1
rpm rhel7	gdk-pixbuf2	-	-
rpm rhel10	loupe	-	-
rpm rhel10	gdk-pixbuf2	<0:2.42.12-4.el10_2.5	0:2.42.12-4.el10_2.5
rpm rhel6	gdk-pixbuf2	-	-
debian 14	gdk-pixbuf	=2.42.12+dfsg-4 \|\| =2.42.12+dfsg-5 \|\| =2.44.3+dfsg-1 \|\| =2.44.3+dfsg-2 \|\| =2.44.3+dfsg-3 \|\| =2.44.4+dfsg-1 \|\| =2.44.4+dfsg-2 \|\| =2.44.4+dfsg-3 \|\| =2.44.5+dfsg-1 \|\| =2.44.5+dfsg-2 \|\| =2.44.5+dfsg-3 \|\| =2.44.5+dfsg-4 \|\| >=0 <2.44.6+dfsg-1	2.44.6+dfsg-1
debian 12	gdk-pixbuf	=2.42.10+dfsg-1 \|\| =2.42.10+dfsg-1+deb12u1 \|\| =2.42.10+dfsg-1+deb12u2 \|\| =2.42.10+dfsg-1+deb12u3 \|\| >=0 <2.42.10+dfsg-1+deb12u4	2.42.10+dfsg-1+deb12u4

1-10 of 15

Aliases

1. CVE-2026-52012. NVD-2026-52013. OSV-DEBIAN-2026-52014. OSV-2026-52015. SECURITY-TRACKER-CVE-2026-5201

References

1. https://github.com/kagancapar/CVE-2026-5201

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.