Changeflow GovPing Data Privacy & Cybersecurity GIMP Vulnerability: Denial of Service and Infor...
Priority review Notice Added Final

GIMP Vulnerability: Denial of Service and Information Disclosure

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published March 25th, 2026
Detected March 26th, 2026
Email

Summary

CERT-Bund has issued a security advisory for GIMP, detailing a vulnerability that could allow remote attackers to cause a denial of service or disclose information. The advisory provides a CVSS Base Score of 4.4 (medium) and a Temporal Score of 4.1 (medium). Mitigation measures are not yet available.

View original document View source feed page

What changed

CERT-Bund has released Security Advisory WID-SEC-2026-0882 concerning a vulnerability in the GIMP (GNU Image Manipulation Program) software. The vulnerability, rated with a CVSS Base Score of 4.4 (medium), allows remote, anonymous attackers to exploit a flaw to perform a denial of service attack or disclose information. The advisory applies to GIMP versions on Linux, other UNIX systems, and Windows, noting that GIMP is a component of many Linux distributions.

While no specific mitigation is provided in this advisory, users of GIMP should be aware of the potential risks. The advisory indicates that the vulnerability is exploitable remotely but does not specify a compliance deadline or direct actions beyond awareness. Further information and potential patches will likely be released as the situation develops, and users should monitor for updates from CERT-Bund and GIMP developers.

What to do next

  1. Monitor for GIMP software updates addressing the disclosed vulnerability.
  2. Assess potential impact of the vulnerability on systems running GIMP.

Source document (simplified)

[WID-SEC-2026-0882] GIMP: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen CVSS Base Score 4.4 (mittel) CVSS Temporal Score 4.1 (mittel) Remoteangriff nein Datum 25.03.2026 Stand 26.03.2026 Mitigation nein

Betroffene Systeme

Betriebssystem

  • Linux
  • Sonstiges
  • UNIX
  • Windows

Produktbeschreibung

Das "Gnu Image Manipulation Program" ist eine Open Source Software zum Bearbeiten von Bildern. Es ist auch Bestandteil vieler Linux Distributionen.

Produkte

25.03.2026
- Open Source GIMP

Angriff

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GIMP ausnutzen, um einen Denial of Service Angriff durchzuführen oder Informationen offenzulegen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Related changes

Favicon for wid.cert-bund.de M-Files Server Information Disclosure Vulnerability Advisory
Priority review Apr 02, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Cisco Nexus Vulnerabilities Allow File Manipulation, Data Disclosure
Routine Apr 02, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de IGEL UMS Vulnerability Allows Remote Information Disclosure
Priority review Apr 02, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for www.cssf.lu Active Supply Chain Attack Targeting Axios NPM
Urgent Apr 04, 2026 CSSF News Banking & Finance
Favicon for www.cert.ssi.gouv.fr SUSE Linux Kernel Multiple Vulnerabilities Advisory
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Ubuntu Linux Kernel Vulnerabilities Allow Arbitrary Code Execution
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 25th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0882

Who this affects

Applies to
Manufacturers
Industry sector
3254 Pharmaceutical Manufacturing
Activity scope
Software Vulnerability Management
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Software Vulnerabilities Information Security

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer Protection 44 Courts & Legal 358 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 101 Environment 85 Government & Legislation 277 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Pharma & Drug Safety 103 Securities & Markets 104 Tax 66 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.