Fluid Attacks Database

Description

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	gimp	=3.0.4-3 \|\| =3.0.4-4 \|\| =3.0.4-5 \|\| =3.0.4-6 \|\| =3.0.4-6.1 \|\| =3.0.4-6.2 \|\| =3.0.6-1 \|\| =3.2.0-1 \|\| =3.2.0~rc2-1 \|\| =3.2.0~rc2-2 \|\| =3.2.0~rc2-3 \|\| =3.2.0~rc2-3.1 \|\| =3.2.0~rc2-3.2 \|\| =3.2.0~rc2-3.3 \|\| =3.2.0~rc3-1 \|\| >=0 <3.2.2-1	3.2.2-1
rpm rhel8	gimp	-	-
rpm rhel6	gimp	-	-

Aliases

1. CVE-2026-63842. NVD-2026-63843. OSV-DEBIAN-2026-63844. OSV-2026-63845. SECURITY-TRACKER-CVE-2026-6384

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.