
GIMP Vulnerabilities Allow Remote Code Execution

CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 16th, 2026
Detected March 17th, 2026

Summary

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in GIMP, a popular open-source image editor. These vulnerabilities, with a CVSS Base Score of 7.8, could allow remote attackers to execute arbitrary code on affected systems running Linux, UNIX, or Windows.

What changed

CERT-Bund has released Security Advisory WID-SEC-2026-0750 detailing critical vulnerabilities in the Gnu Image Manipulation Program (GIMP). The advisory, with a CVSS Base Score of 7.8 (High), indicates that remote, anonymous attackers can exploit these flaws to execute arbitrary program code on systems running Linux, UNIX, or Windows. The advisory notes that mitigation is available, but does not specify the exact nature of the mitigation or affected versions beyond 'Open Source GIMP' as of March 16, 2026.

Organizations utilizing GIMP, particularly those distributing it as part of Linux distributions or using it on Windows and UNIX systems, should immediately assess their exposure. While the advisory indicates mitigation is available, users are strongly advised to consult the provided CVE and information links for specific details on patching or mitigating these vulnerabilities. Failure to address these issues could lead to unauthorized code execution and potential system compromise. The advisory does not specify a compliance deadline, but prompt action is recommended due to the severity of the vulnerabilities.

What to do next

  1. Review GIMP installations for affected versions.
  2. Consult provided CVE and information links for specific mitigation steps.
  3. Apply available patches or implement workarounds to address vulnerabilities.

Source document (simplified)

[WID-SEC-2026-0750] GIMP: Multiple vulnerabilities allow code execution

  • CVSS Base Score: 7.8 (high)
  • CVSS Temporal Score: 6.8 (medium)
  • Remote attack: no
  • Date: 16.03.2026
  • Last updated: 17.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • Other
  • UNIX
  • Windows

Product description

The "Gnu Image Manipulation Program" is open-source software for editing images. It is also included in many Linux distributions.

Products

16.03.2026
- Open Source GIMP

Attack

A remote, anonymous attacker can exploit multiple vulnerabilities in GIMP to execute arbitrary program code.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 16th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Manufacturers, Technology companies
Geographic scope
de

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Software Vulnerabilities, Remote Code Execution
