{"schema_version":"1.7.2","id":"OESA-2026-1711","modified":"2026-03-27T14:03:17Z","published":"2026-03-27T14:03:17Z","upstream":["CVE-2026-2046","CVE-2026-4152"],"summary":"gimp security update","details":"The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing, and conversions, together with multilevel undo. The GIMP offers a scripting facility, but many of the included scripts rely on fonts that we cannot distribute.\r\n\r\nSecurity Fix(es):\n\nA vulnerability classified as critical was found in GIMP (Image Processing Software) (version now known).The CWE definition for the vulnerability is CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().As an impact it is known to affect confidentiality, integrity, and availability.Applying a patch is able to eliminate this problem.(CVE-2026-2046)\n\n(CVE-2026-4152)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"gimp","purl":"pkg:rpm/openEuler/gimp&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.2-11.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["gimp-3.0.2-11.oe2403sp1.aarch64.rpm","gimp-debuginfo-3.0.2-11.oe2403sp1.aarch64.rpm","gimp-debugsource-3.0.2-11.oe2403sp1.aarch64.rpm","gimp-devel-3.0.2-11.oe2403sp1.aarch64.rpm","gimp-extension-goat-excercises-3.0.2-11.oe2403sp1.aarch64.rpm","gimp-libs-3.0.2-11.oe2403sp1.aarch64.rpm","gimp-plugin-aa-3.0.2-11.oe2403sp1.aarch64.rpm","gimp-plugin-python3-3.0.2-11.oe2403sp1.aarch64.rpm","gimp-vala-3.0.2-11.oe2403sp1.aarch64.rpm"],"src":["gimp-3.0.2-11.oe2403sp1.src.rpm"],"x86_64":["gimp-3.0.2-11.oe2403sp1.x86_64.rpm","gimp-debuginfo-3.0.2-11.oe2403sp1.x86_64.rpm","gimp-debugsource-3.0.2-11.oe2403sp1.x86_64.rpm","gimp-devel-3.0.2-11.oe2403sp1.x86_64.rpm","gimp-extension-goat-excercises-3.0.2-11.oe2403sp1.x86_64.rpm","gimp-libs-3.0.2-11.oe2403sp1.x86_64.rpm","gimp-plugin-aa-3.0.2-11.oe2403sp1.x86_64.rpm","gimp-plugin-python3-3.0.2-11.oe2403sp1.x86_64.rpm","gimp-vala-3.0.2-11.oe2403sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1711"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2046"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4152"}],"database_specific":{"severity":"High"}}