A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
| Score | Percentile |
|---|---|
| 1.07% | 60.54% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 7.5 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-9pr2-m366-8728 ↗ |
| CVE | CVE-2026-5201 ↗ |
| CWE id | Name |
|---|---|
| CWE-122 | Heap-based Buffer Overflow |