View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2026-2271 severity important: SUSE including 8 source package names (gimp-2.10.30-150400.3.44.1, gimp-devel-2.10.30-150400.3.44.1, …), 19 product×package rows across 3 product lines (SUSE Linux Enterprise Module for Package Hub 15 SP7, SUSE Linux Enterprise Workstation Extension 15 SP7, openSUSE Leap 15.6): Fixed 19.
A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service.