CVE-2026-5201

HIGH

Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-5201. PoCs published by fearlessresponsesolution, kagancapar.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-5201, a heap buffer overflow in gdk-pixbuf's JPEG loader. It includes multiple PoCs demonstrating RCE via vtable hijacking, ASLR bypass techniques, and a JPEG reproducer script.

Description

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

Exploits (2)

github WORKING POC
by fearlessresponsesolution · tsqlpoc
https://github.com/fearlessresponsesolution/cve-pocs/tree/master/pocs/CVE-2026-5201

This repository contains a functional exploit for CVE-2026-5201, a heap buffer overflow in gdk-pixbuf's JPEG loader. It includes multiple PoCs demonstrating RCE via vtable hijacking, ASLR bypass techniques, and a JPEG reproducer script.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: gdk-pixbuf (JPEG loader)
No auth needed
Prerequisites: 32-bit Linux environment for full RCE · gdk-pixbuf with vulnerable JPEG loader
devstral-2 · analyzed May 20, 2026 Full analysis →
nomisec WORKING POC
by kagancapar · poc
https://github.com/kagancapar/CVE-2026-5201

This repository contains a functional exploit for CVE-2026-5201, a heap-based buffer overflow in gdk-pixbuf's JPEG loader. It includes a reproducer script, crash test code, and detailed analysis of the vulnerability.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: gdk-pixbuf (all versions before fix)
No auth needed
Prerequisites: A system with gdk-pixbuf installed · A crafted JPEG file
devstral-2 · analyzed Apr 08, 2026 Full analysis →

References (26)

Core 26
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:11325
https://access.redhat.com/errata/RHSA-2026:11325
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:11326
https://access.redhat.com/errata/RHSA-2026:11326
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:11327
https://access.redhat.com/errata/RHSA-2026:11327
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:11328
https://access.redhat.com/errata/RHSA-2026:11328
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25096
Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-5201
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:11806
https://access.redhat.com/errata/RHSA-2026:11806
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:12060
https://access.redhat.com/errata/RHSA-2026:12060
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:12061
https://access.redhat.com/errata/RHSA-2026:12061
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:10707
https://access.redhat.com/errata/RHSA-2026:10707
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:10708
https://access.redhat.com/errata/RHSA-2026:10708
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:10741
https://access.redhat.com/errata/RHSA-2026:10741
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:12062
https://access.redhat.com/errata/RHSA-2026:12062
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:12114
https://access.redhat.com/errata/RHSA-2026:12114
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:12115
https://access.redhat.com/errata/RHSA-2026:12115
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16174
Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat
RHBZ#2453291
https://bugzilla.redhat.com/show_bug.cgi?id=2453291
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16008
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16009
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:16030
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:19127
https://access.redhat.com/errata/RHSA-2026:19127
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:19210
https://access.redhat.com/errata/RHSA-2026:19210
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:19724
Vendor Advisory vendor-advisory x_refsource_redhat
RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19725

Scores

CVSS v3 7.5
EPSS 0.0064
EPSS Percentile 71.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-122
Status published
Products (39)
gnome/gdk-pixbuf
Red Hat/Red Hat AI Inference Server 3.2 1779223651
Red Hat/Red Hat AI Inference Server 3.2 1779223654
Red Hat/Red Hat AI Inference Server 3.2 1780681984
Red Hat/Red Hat AI Inference Server 3.3 1778244531
Red Hat/Red Hat AI Inference Server 3.3 1778244546
Red Hat/Red Hat AI Inference Server 3.3 1778244559
Red Hat/Red Hat AI Inference Server 3.3 1778274666
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 10 0:2.42.12-4.el10_1.5
... and 29 more
Published Mar 31, 2026
Tracked Since Mar 31, 2026