VYPR
patch · Published Mar 19, 2026 · Updated May 18, 2026 · 1 source

CVE-2026-4151: Integer Overflow in GIMP ANI File Parsing Enables Remote Code Execution

A critical integer overflow vulnerability in GIMP's ANI file parsing, tracked as CVE-2026-4151, allows remote attackers to execute arbitrary code when a user opens a malicious ANI file.

A critical vulnerability in GIMP's ANI file parsing, designated CVE-2026-4151 and disclosed via ZDI-26-218, exposes users to remote code execution attacks. The flaw, reported to GIMP on March 5, 2026, and publicly disclosed on March 19, 2026, carries a CVSS score of 7.8, reflecting its high impact on confidentiality, integrity, and availability.

The vulnerability resides in the parsing of ANI (animated cursor) files. The flaw stems from insufficient validation of user-supplied data, which can cause an integer overflow before a buffer is allocated. An attacker can exploit this by crafting a malicious ANI file and convincing a target to open it, either by visiting a compromised webpage or by opening the file directly. Successful exploitation allows the attacker to execute arbitrary code in the context of the current process, potentially leading to full system compromise.
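The bug class described above, shown as an added illustration that is not GIMP's code and does not reproduce the actual CVE-2026-4151 code path: a count read from a chunk header is multiplied into an allocation size, once without checks and once with the validation a hardened parser performs. The chunk layout, field names and `MAX_STEPS` cap are assumptions for the example.

```c
/* Added example, not GIMP's code: an attacker-controlled count
 * multiplied into an allocation size, unchecked vs. checked. The
 * 8-byte chunk layout (step count, bytes per step) is a constructed
 * stand-in, not the real ANI "anih" layout used by GIMP. */
#include <stdint.h>
#include <stddef.h>

#define MAX_STEPS 4096u   /* assumed sanity cap on animation steps */

/* Read a little-endian 32-bit value, as RIFF-based formats store it. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the size is computed in 32 bits straight from
 * the file. A large count wraps the product to a small number, the
 * allocation succeeds with a tiny buffer, and a later per-step copy
 * runs past its end. */
static uint32_t vulnerable_table_size(const uint8_t *chunk) {
    uint32_t n_steps  = read_le32(chunk);
    uint32_t step_len = read_le32(chunk + 4);
    return n_steps * step_len;            /* unsigned wrap, no check */
}

/* Hardened pattern: bound the count and check the multiplication
 * before anything reaches an allocator. Returns 1 and the byte count
 * on success, 0 when the chunk must be rejected. */
static int hardened_table_size(const uint8_t *chunk, size_t *out) {
    uint32_t n_steps  = read_le32(chunk);
    uint32_t step_len = read_le32(chunk + 4);
    if (n_steps == 0 || step_len == 0 || n_steps > MAX_STEPS)
        return 0;                          /* implausible header */
    if (n_steps > SIZE_MAX / step_len)
        return 0;                          /* product would overflow */
    *out = (size_t)n_steps * step_len;
    return 1;
}

/* Constructed overflowing header: 0x40000001 steps of 8 bytes.
 * 0x40000001 * 8 = 0x200000008, which wraps to 8 in 32-bit math. */
static const uint8_t wrap_chunk[8] = {0x01,0x00,0x00,0x40, 0x08,0x00,0x00,0x00};
/* Constructed benign header: 4 steps of 8 bytes (32 bytes total). */
static const uint8_t good_chunk[8] = {0x04,0x00,0x00,0x00, 0x08,0x00,0x00,0x00};
```

The unchecked version hands the allocator 8 bytes for a table that the rest of the parser believes holds over a billion entries; the checked version refuses the header outright.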

GIMP is a widely used open-source image editor available on Windows, macOS, and Linux. The vulnerability affects all users across all platforms, as ANI file parsing is a core feature. Given GIMP's popularity among graphic designers, photographers, and hobbyists, the potential attack surface is significant. The disclosure timeline indicates that GIMP was notified on March 5, 2026, and a patch was issued before the public advisory on March 19, 2026.

GIMP has released a patch to address the vulnerability. The fix is available in the official GIMP repository via commit 09e5459de913172fc51da3bd6b6adc533acd368e. Users are strongly advised to update their GIMP installations to the latest version to mitigate the risk. The vulnerability was reported anonymously to the Zero Day Initiative, which coordinated the disclosure.

This vulnerability highlights the ongoing risks associated with parsing complex file formats in widely deployed software. Integer overflow bugs remain a common class of memory corruption vulnerabilities, often leading to buffer overflows and code execution. The disclosure serves as a reminder for users to exercise caution when opening files from untrusted sources and to keep software updated.

The advisory was published by the Zero Day Initiative, a well-known vulnerability disclosure program. The coordinated disclosure process allowed GIMP to develop and release a patch before the vulnerability was made public, reducing the window of opportunity for attackers. Users should verify their GIMP version and apply the update promptly.

Synthesized by Vypr AI