CVE-2026-2047

7.8 HIGH

📋 TL;DR

This CVE describes a heap-based buffer overflow vulnerability in GIMP's ICNS file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious ICNS files, potentially gaining control of the affected system. All GIMP users who process ICNS files are affected.

💻 Affected Systems

Products:
  • GIMP (GNU Image Manipulation Program)
Versions: All versions prior to the fix in merge request 2600
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with ICNS file support enabled are vulnerable. The vulnerability requires user interaction to open a malicious file.

📦 What is this software?

GIMP (GNU Image Manipulation Program) is a free and open-source raster graphics editor. It includes import/export plug-ins for many image formats, among them Apple's ICNS icon container format, which is where this vulnerability lies.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise, with the attacker gaining the same privileges as the GIMP user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case: Local privilege escalation or malware installation on the user's system, with potential data exfiltration.

🟢 If Mitigated: Application crash or denial of service if the exploit fails, with no code execution thanks to security controls such as ASLR or DEP.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability is in the ICNS parser specifically.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version containing the fix from merge request 2600

Vendor Advisory: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2600/diffs?commit_id=dd2faac351f1ff2588529fedc606e6a5f815577c

Restart Required: Yes

Instructions:

1. Update GIMP to the latest version from official repositories.
2. On Linux: use your package manager (apt, yum, etc.).
3. On Windows/macOS: download from gimp.org.
4. Restart GIMP after the update.

🔧 Temporary Workarounds

Disable ICNS file support
  • Platform: all
  • Action: Remove or disable ICNS file format handling in GIMP
  • Command: Not applicable - requires configuration changes in GIMP settings

File type restrictions
  • Platform: all
  • Action: Block ICNS files at network perimeter or endpoint
  • Command: Not applicable - implement via security policies
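The "File type restrictions" workaround is more reliable when it keys on file content rather than the .icns extension. The following is an added example (not GIMP code and not part of the advisory) that identifies an ICNS container by its magic and checks whether every declared length fits inside the file, which lets a gateway or endpoint scanner quarantine structurally inconsistent icon files; the advisory does not say which field the GIMP parser mistrusts, so this is a generic structural check, not a signature for CVE-2026-2047. The ICNS layout used (4-byte "icns" magic, 4-byte big-endian total length, then elements of 4-byte type plus 4-byte big-endian length including the 8-byte header) is the published format; the sample files are constructed inline.

```python
import struct

ICNS_MAGIC = b"icns"
HEADER_LEN = 8  # 4-byte type tag + 4-byte big-endian length (file and element headers)

def check_icns(data: bytes) -> list:
    """Return a list of structural problems; an empty list means every declared length fits the file."""
    if len(data) < HEADER_LEN or data[:4] != ICNS_MAGIC:
        return ["not an ICNS container (missing 'icns' magic)"]
    problems = []
    declared_total = struct.unpack(">I", data[4:8])[0]
    if declared_total != len(data):
        problems.append(f"file length field {declared_total} != actual size {len(data)}")
    offset = HEADER_LEN
    while offset < len(data):
        if len(data) - offset < HEADER_LEN:
            problems.append(f"truncated element header at offset {offset}")
            break
        tag = data[offset:offset + 4].decode("latin-1")
        length = struct.unpack(">I", data[offset + 4:offset + 8])[0]
        if length < HEADER_LEN:  # a length below 8 cannot even cover the element's own header
            problems.append(f"element {tag!r} at {offset}: length {length} is smaller than its header")
            break
        if offset + length > len(data):  # element claims more bytes than the file contains
            problems.append(f"element {tag!r} at {offset}: length {length} runs past end of file")
            break
        offset += length
    return problems

def make_element(tag: bytes, payload: bytes, declared_len=None) -> bytes:
    """Build one ICNS element; declared_len overrides the real size to forge a bad header."""
    length = HEADER_LEN + len(payload) if declared_len is None else declared_len
    return tag + struct.pack(">I", length) + payload

def make_icns(elements, declared_total=None) -> bytes:
    """Build an ICNS container; declared_total overrides the real file size."""
    body = b"".join(elements)
    total = HEADER_LEN + len(body) if declared_total is None else declared_total
    return ICNS_MAGIC + struct.pack(">I", total) + body

# Constructed samples (not real-world files): one consistent, two with forged element lengths.
GOOD = make_icns([make_element(b"TOC ", b"\x00" * 8), make_element(b"ic07", b"\xff" * 16)])
OVERSIZED_ELEMENT = make_icns([make_element(b"ic07", b"\xff" * 16, declared_len=0x7FFFFFFF)])
UNDERSIZED_ELEMENT = make_icns([make_element(b"ic07", b"\xff" * 16, declared_len=4)])

if __name__ == "__main__":
    for name, sample in [("GOOD", GOOD), ("OVERSIZED", OVERSIZED_ELEMENT), ("UNDERSIZED", UNDERSIZED_ELEMENT)]:
        print(name, check_icns(sample) or "ok")
```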

🧯 If You Can't Patch

  • Restrict user permissions to limit impact of successful exploitation
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check the installed GIMP version and compare it against the patched versions. The installation is vulnerable if it runs a version that predates the MR 2600 fix.

Check Version:

gimp --version (Linux/macOS) or check About in GIMP GUI

Verify Fix Applied:

Verify GIMP version is updated to include the fix from merge request 2600.

📡 Detection & Monitoring

Log Indicators:

  • GIMP crash logs associated with ICNS file processing
  • Unexpected process creation from GIMP

Network Indicators:

  • Downloads of ICNS files from untrusted sources

SIEM Query:

Process:gimp AND (FileExtension:icns OR CrashDetected)
