CVE-2026-5201 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gnome	Gdk-Pixbuf	-
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Tus	8.8

Related Weaknesses (CWE)

CWE-122

References

https://access.redhat.com/errata/RHSA-2026:10707Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:10708Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:10741Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11325Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11326Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11327Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11328Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11806Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12060Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12061Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12062Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12114Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12115Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009

FAQ

What is CVE-2026-5201?

CVE-2026-5201 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a special...

How severe is CVE-2026-5201?

CVE-2026-5201 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-5201?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gdk-Pixbuf, Redhat Enterprise Linux, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Tus.