Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

openSUSE GIMP Critical Buffer Overflow Vulnerability CVE-2026-2239

suse
Calendar Grey February 24, 2026
Dist Suse Esm H88
Critical patch for GIMP fixes integer overflows and buffer issues on openSUSE, ensuring better security for installations.
An update that solves three vulnerabilities can now be installed.

Summary

## This update for gimp fixes the following issues: * CVE-2026-2272: integer overflow in ICO file handling can lead to a heap buffer overflow (bsc#1258000). * CVE-2026-2271: integer overflow in the PSP file parser can lead to a heap buffer overflow (bsc#1257999). * CVE-2026-2239: missing null terminator when processing a specially crafted PSD file can lead to a heap buffer overflow and an application crash (bsc#1257959). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-604=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-604=1

Topics%20covered

Topics Covered

security advisory buffer overflow important heap overflow GIMP OpenSUSE

References

* bsc#1257959

* bsc#1257999

* bsc#1258000

Cross-

* CVE-2026-2239

* CVE-2026-2271

* CVE-2026-2272

CVSS scores:

* CVE-2026-2239 ( SUSE ): 4.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2026-2239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2026-2271 ( SUSE ): 8.5

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-2271 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2026-2272 ( SUSE ): 8.5

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-2272 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4

* openSUSE Leap 15.6

* SUSE Linux Enterprise Desktop 15 SP7

* SUSE Linux Enterprise Real Time 15 SP7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0604-1
Release Date: 2026-02-24T11:17:14Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow important heap overflow GIMP OpenSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here