HIGHCVE-2026-4151CVSS 7.8

CVE-2026-4151: RCE in GIMP 3.0.8

Platform

linux

Component

gimp

Fixed in

3.0.9

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026

View on NVD

Save

CVE-2026-4151 is a Remote Code Execution (RCE) vulnerability affecting GIMP versions 3.0.8. This flaw stems from improper validation during the parsing of ANI files, leading to an integer overflow. Successful exploitation allows an attacker to execute arbitrary code on the system, requiring user interaction such as opening a malicious file or visiting a malicious webpage. A patch is available to resolve this issue.

Impact and Attack Scenarios

The impact of CVE-2026-4151 is significant due to its RCE nature. An attacker could leverage this vulnerability to gain complete control over a vulnerable GIMP installation. This could involve installing malware, stealing sensitive data, or using the compromised system as a launchpad for further attacks on the network. The requirement for user interaction (opening a malicious ANI file) lowers the immediate risk, but widespread use of GIMP and the ease of distributing malicious files make it a concerning vulnerability. Similar integer overflow vulnerabilities in image processing libraries have historically been exploited to compromise systems.

Exploitation Context

CVE-2026-4151 was publicly disclosed on 2026-04-11. Its exploitation context is currently unknown, and no public proof-of-concept (PoC) exploits have been released. The vulnerability is not listed on the CISA KEV catalog at the time of writing. The CVSS score of 7.8 (HIGH) indicates a significant potential for exploitation if a PoC is developed and widely distributed.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureLow

Reports1 threat report

EPSS

0.07% (21% percentile)

CISA SSVC

Exploitationnone

Automatableno

Affected Software

Componentgimp

VendorGIMP

Affected rangeFixed in

3.0.8 – 3.0.83.0.9

Weakness Classification (CWE)

CWE-190

Timeline

Reserved2026-03-13
Published2026-04-11
Modified2026-04-14
EPSS updated2026-04-18

Unpatched — 43 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2026-4151 is to upgrade GIMP to a patched version as soon as possible. If immediate patching is not feasible, consider restricting user access to untrusted ANI files. Network segmentation can limit the potential blast radius if a system is compromised. While a WAF is unlikely to directly address this file parsing vulnerability, it can help prevent the delivery of malicious ANI files to users. After upgrading, confirm the fix by attempting to open a known-malicious ANI file (in a safe, isolated environment) and verifying that GIMP does not crash or exhibit unexpected behavior.

How to fix

Update GIMP to a patched version to mitigate the integer overflow vulnerability in ANI file parsing. Refer to the release notes or the official GIMP website for specific upgrade instructions.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-4151 — RCE in GIMP 3.0.8?

CVE-2026-4151 is a Remote Code Execution vulnerability in GIMP 3.0.8, allowing attackers to execute code via malicious ANI files. It has a CVSS score of 7.8 (HIGH).

Am I affected by CVE-2026-4151 in GIMP 3.0.8?

If you are using GIMP version 3.0.8, you are potentially affected. Upgrade to a patched version to mitigate the risk.

How do I fix CVE-2026-4151 in GIMP 3.0.8?

The recommended fix is to upgrade GIMP to a patched version. Check the official GIMP website for available updates.

Is CVE-2026-4151 being actively exploited?

As of the current date, there are no confirmed reports of active exploitation, but the vulnerability's severity warrants caution.

Where can I find the official GIMP advisory for CVE-2026-4151?

Refer to the official GIMP website and security advisories for the latest information and updates regarding CVE-2026-4151.