gdk-pixbuf Vulnerability - Denial of Service and Remote Code Execution Risk
Summary
CERT-Bund issued security advisory WID-SEC-2026-0945 warning of a high-severity vulnerability in gdk-pixbuf versions prior to 2.44.6. The vulnerability carries a CVSS Base Score of 7.5 (high) and enables remote attackers to perform denial of service attacks and potentially execute arbitrary code. Affected systems include UNIX operating systems running the GNOME image loading library.
What changed
CERT-Bund disclosed a CVE-assigned vulnerability in gdk-pixbuf <2.44.6 affecting UNIX systems. The flaw allows remote, anonymous attackers to trigger denial of service conditions and potentially achieve arbitrary code execution through crafted image files. The CVSS scores are 7.5 (Base, high) and 6.5 (Temporal, medium).
Organizations running gdk-pixbuf on UNIX systems must update to version 2.44.6 or later immediately. Security teams should apply available mitigations, monitor for vendor patches from Linux distributions, and audit systems for indicators of exploitation. The vulnerability is remotely exploitable and requires prompt patching.
What to do next
- Update gdk-pixbuf to version 2.44.6 or later on all affected UNIX systems
- Apply available mitigations referenced in the advisory
- Monitor for vendor-specific patches from Linux distributions and apply when available
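As an added example (not part of the advisory or the gdk-pixbuf project), the following script checks an installed gdk-pixbuf version against the 2.44.6 threshold given above. The function names are made up for this example, and the package names queried (libgdk-pixbuf-2.0-0 for dpkg, gdk-pixbuf2 for rpm) are assumptions that vary by distribution.

```shell
#!/bin/sh
FIXED="2.44.6"   # first fixed upstream release named in the advisory

# Reduce a package version ("1:2.44.6-1", "2.42.10+dfsg-3ubuntu3") to upstream x.y.z
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[^0-9.].*$//'
}

# Succeed if $1 < $2, comparing dot-separated fields numerically (2.44.10 > 2.44.6)
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print below-fixed, fixed, or unknown for a raw version string
classify() {
    up=$(upstream_version "$1")
    if [ -z "$up" ]; then echo unknown
    elif version_lt "$up" "$FIXED"; then echo below-fixed
    else echo fixed
    fi
}

# Ask whichever package tool is present (package names are assumptions);
# print nothing if none answers
installed_version() {
    for cmd in "pkg-config --modversion gdk-pixbuf-2.0" \
               "dpkg-query -W -f=\${Version}\n libgdk-pixbuf-2.0-0" \
               "rpm -q --qf %{VERSION}\n gdk-pixbuf2"; do
        out=$($cmd 2>/dev/null) && [ -n "$out" ] &&
            { printf '%s\n' "$out" | head -n 1; return 0; }
    done
    return 0
}

inst=$(installed_version)
echo "gdk-pixbuf installed: ${inst:-not found} -> $(classify "$inst")"
```

A `below-fixed` result compares upstream version numbers only; distributions may backport a fix without changing the upstream version, so confirm against the distribution's own advisory.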
Source document (simplified)
[WID-SEC-2026-0945] gdk-pixbuf: Vulnerability allows denial of service and potential code execution
- CVSS Base Score: 7.5 (high)
- CVSS Temporal Score: 6.5 (medium)
- Remote attack: yes
- Date: 31.03.2026
- Last updated: 01.04.2026
- Mitigation: yes
Affected systems
Operating system
- UNIX
Product description
GdkPixbuf is a GNOME library for loading and modifying images.
Products
31.03.2026
- Open Source gdk-pixbuf <2.44.6
Attack
A remote, anonymous attacker can exploit a vulnerability in gdk-pixbuf to carry out a denial of service attack and possibly execute arbitrary code.