{
  "threat_severity" : "Important",
  "public_date" : "2026-04-15T18:41:34Z",
  "bugzilla" : {
    "description" : "gimp: GIMP: Arbitrary code execution or denial of service via buffer overflow in GIF image processing",
    "id" : "2458749",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2458749"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-120",
  "details" : [ "A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution.", "A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution." ],
  "statement" : "Important: This flaw in GIMP's GIF image processing component allows an attacker to trigger a buffer overflow by providing a specially crafted GIF file. This could lead to a denial of service or arbitrary code execution. Exploitation requires user interaction to open a malicious GIF file.",
  "acknowledgement" : "Red Hat would like to thank chamalsl for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "gimp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "gimp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "gimp:2.8/gimp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "gimp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-6384\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6384" ],
  "name" : "CVE-2026-6384",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}