CVE-2026-40917

MEDIUM NVD

CVSS Score 5

Severity MEDIUM

Published Apr 15, 2026

Vendor unknown

Description

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process such files.

References

https://access.redhat.com/security/cve/CVE-2026-40917
https://bugzilla.redhat.com/show_bug.cgi?id=2458746