A heap-based buffer overflow vulnerability (CVE-2026-5201, CVSS 7.5 HIGH) in the gdk-pixbuf2 image library allows a denial-of-service attack when processing a specially crafted JPEG file. The vulnerability affects Red Hat Enterprise Linux 9, and the fix is provided in the updated package version `gdk-pixbuf2-2.42.6-6.el9_7.1`. Administrators should apply the update via the referenced Red Hat solution article.
Red Hat Product Errata RHSA-2026:10708 - Security Advisory Issued: 2026-04-27 Updated: 2026-04-27 RHSA-2026:10708 - Security Advisory Overview Updated Packages Synopsis Important: gdk-pixbuf2 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (CVE-2026-5201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Fixes BZ - 2453291 - CVE-2026-5201 gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image CVEs CVE-2026-5201 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM gdk-pixbuf2-2.42.6-6.el9_7.1.src.rpm SHA-256: 2b2768146443d902e33989ec0b934dfb8aea3c8dcede63f690d03bec9b717c94 x86_64 gdk-pixbuf2-2.42.6-6.el9_7.1.i686.rpm SHA-256: c6f36da42e38ada51cfa9be01eea055c8510c7d0853c5b04cd7e9031d5e4c86e gdk-pixbuf2-2.42.6-6.el9_7.1.x86_64.rpm SHA-256: fe6f010e0953f0e421015466a007e3586d570587ecad288c80a8750c6088597f gdk-pixbuf2-debuginfo-2.42.6-6.el9_7.1.i686.rpm SHA-256: 90dd77573e5752beb774be62d1ebc861be84e5bec84c76ce23b62c1dddceda7f gdk-pixbuf2-debuginfo-2.42.6-6.el9_7.1.x86_64.rpm SHA-256: bea74a4422e21d7c5464ee11ff0f465849191cba834cd6b9f0e80955e328bda1 gdk-pixbuf2-debugsource-2.42.6-6.el9_7.1.i686.rpm SHA-256: 0a89a74d5b250094b8b11a69b23d44229420cc25fcf3d4fae8f8cac532b5161b gdk-pixbuf2-debugsource-2.42.6-6.el9_7.1.x86_64.rpm SHA-256: acc13187ce4e407301ca027b573aa6d0f8115995533109ddb2723ddc8e3cebd5 gdk-pixbuf2-devel-2.42.6-6.el9_7.1.i686.rpm SHA-256: aa7e30662da8f177c8bc52ddea69a3b291a10742b2f2a13a4dba6e9145104290 gdk-pixbuf2-devel-2.42.6-6.el9_7.1.x86_64.rpm SHA-256: 5a3cdd318d0e55be7fd521b30447a65436033d8ce9d7ff24e5b765368b98ffb4 gdk-pixbuf2-devel-debuginfo-2.42.6-6.el9_7.1.i686.rpm SHA-256: a32475f75142a95ecea4074726fccf936672ec055e4e8e1c2ae2dda35fa19c15 gdk-pixbuf2-devel-debuginfo-2.42.6-6.el9_7.1.x86_64.rpm SHA-256: 333474687eb9070e6c0dd15a4bad04b515ae366906756e5f12cdde327a66c23b gdk-pixbuf2-modules-2.42.6-6.el9_7.1.i686.rpm SHA-256: 38a69eefcd790972b3321cb775636a5a4b88ba3251eb5c7a876b2a04427fcbab gdk-pixbuf2-modules-2.42.6-6.el9_7.1.x86_64.rpm SHA-256: 9f0d06c2d927c062e5cc3352df9c8fd52d1fee8a3fdbbc7e2e36f992b3a83923 gdk-pixbuf2-modules-debuginfo-2.42.6-6.el9_7.1.i686.rpm SHA-256: 79693446335d55b72c8c46000466a5a96530b4fad7483f63fbd7cd6e44f3fae3 gdk-pixbuf2-modules-debuginfo-2.42.6-6.el9_7.1.x86_64.rpm SHA-256: b073f66e588d0892e6536204139aed88508c1e1bf9de51ac847eb042da47f4b3 gdk-pixbuf2-tests-debuginfo-2.42.6-6.el9_7.1.i686.rpm SHA-256: c0ee19426581381c0f7a52096ce2aeba4d512ccddab891748a96c0c3a246249c gdk-pixbuf2-tests-debuginfo-2.42.6-6.el9_7.1.x86_64.rpm SHA-256: 80a43d994b19cbf3b6d04a753914aacd5fd74cec3a562ec3d5071056556a72e2 Red Hat Enterprise Linux for IBM z Systems 9 SRPM gdk-pixbuf2-2.42.6-6.el9_7.1.src.rpm SHA-256: 2b2768146443d902e33989ec0b934dfb8aea3c8dcede63f690d03bec9b717c94 s390x gdk-pixbuf2-2.42.6-6.el9_7.1.s390x.rpm SHA-256: b1b9871872a91c0503503371a018814c7825c2157b8c12ca0c8a593f76092b31 gdk-pixbuf2-debuginfo-2.42.6-6.el9_7.1.s390x.rpm SHA-256: 164c3461d28831da325da35373485ad071b17aadd38f311eef1b0ce202835643 gdk-pixbuf2-debugsource-2.42.6-6.el9_7.1.s390x.rpm SHA-256: 4aaa68dfd26b599e47c74bfa8d912fd5f86064dd7a2b82d14b22cb9d87fd69ef gdk-pixbuf2-devel-2.42.6-6.el9_7.1.s390x.rpm SHA-256: 52c997ac9b9b69f24c2f461099198ecafa92057435077b89b610268d2d715b9e gdk-pixbuf2-devel-debuginfo-2.42.6-6.el9_7.1.s390x.rpm SHA-256: 1a27f184673b6f5056d366ab571392396358a427cfcf1bb8a0d1bdf448f90310 gdk-pixbuf2-modules-2.42.6-6.el9_7.1.s390x.rpm SHA-256: 143391211e9bbd4fd54b5c6ee038474d2c0b302a710b24f3be5f346b88b6b031 gdk-pixbuf2-modules-debuginfo-2.42.6-6.el9_7.1.s390x.rpm SHA-256: 072fa3f0504e3ae97bd0467e6ab013809d5be3d2ad09beff4975cea2bade9005 gdk-pixbuf2-tests-debuginfo-2.42.6-6.el9_7.1.s390x.rpm SHA-256: 26e54dd594ee651e77edac12ab55d69a3d076d21b8f90e761a47a1d5bb44e196 Red Hat Enterprise Linux for Power, little endian 9 SRPM gdk-pixbuf2-2.42.6-6.el9_7.1.src.rpm SHA-256: 2b2768146443d902e33989ec0b934dfb8aea3c8dcede63f690d03bec9b717c94 ppc64le gdk-pixbuf2-2.42.6-6.el9_7.1.ppc64le.rpm SHA-256: 1d582825cf664293aa13bc284b00596f39d07df61808ed15fec91bb94168e239 gdk-pixbuf2-debuginfo-2.42.6-6.el9_7.1.ppc64le.rpm SHA-256: 9633c5201c2712a81aac3592493c8569eb95d3788061f14c1e74993495b85b85 gdk-pixbuf2-debugsource-2.42.6-6.el9_7.1.ppc64le.rpm SHA-256: 19f1a2fc5bec40168bf7a28d754cc30aafaafdedeef79fe109f5feba89943f50 gdk-pixbuf2-devel-2.42.6-6.el9_7.1.ppc64le.rpm SHA-256: 2783de0dbf3e662edfb0d714ae3f2a356672af27c3459629b9d1909c10979b80 gdk-pixbuf2-devel-debuginfo-2.42.6-6.el9_7.1.ppc64le.rpm SHA-256: 7da00dbc6ccf20d86f9a88375e4743d50e2247c15fce521eaebe56b6a8122a39 gdk-pixbuf2-modules-2.42.6-6.el9_7.1.ppc64le.rpm SHA-256: ad7edd6e634cd7268cc589588e6d7a35c110d2e4176114e66504406c385d19e4 gdk-pixbuf2-modules-debuginfo-2.42.6-6.el9_7.1.ppc64le.rpm SHA-256: baf83019987c69172993fbe5fb3663bedc2c0dc44b16662893f4dfb604f6983d gdk-pixbuf2-tests-debuginfo-2.42.6-6.el9_7.1.ppc64le.rpm SHA-256: c0f2368ecb76341ee06c27e21a633cae310e3ef50942e34a3d4d0701838445f6 Red Hat Enterprise Linux for ARM 64 9 SRPM gdk-pixbuf2-2.42.6-6.el9_7.1.src.rpm SHA-256: 2b2768146443d902e33989ec0b934dfb8aea3c8dcede63f690d03bec9b717c94 aarch64 gdk-pixbuf2-2.42.6-6.el9_7.1.aarch64.rpm SHA-256: 2870bcd420d22cd088f2b44f5b1ea99e91d84fb236eeb2fce3c8254400462a78 gdk-pixbuf2-debuginfo-2.42.6-6.el9_7.1.aarch64.rpm SHA-256: 019462ebaa225a0f0860d9e53a8a9207728cd20c47beaee7a131523183d8670d gdk-pixbuf2-debugsource-2.42.6-6.el9_7.1.aarch64.rpm SHA-256: 38530ca8a2fce5b2e7140c8d8cec7d6ce8671091cd62dc79be35c77df8bcbab9 gdk-pixbuf2-devel-2.42.6-6.el9_7.1.aarch64.rpm SHA-256: 7e4d1614964129cd1573ee97ccba26e0909841a522e147f9594de2428de61880 gdk-pixbuf2-devel-debuginfo-2.42.6-6.el9_7.1.aarch64.rpm SHA-256: 21b155ada01ca7b25649356f5c87349f82f6ba045d83608819ce8bc0d574ad2a gdk-pixbuf2-modules-2.42.6-6.el9_7.1.aarch64.rpm SHA-256: 71997f875f599e30d4c1bce29285f6812d5e7aa3f43d78d5150ece5380f12eb7 gdk-pixbuf2-modules-debuginfo-2.42.6-6.el9_7.1.aarch64.rpm SHA-256: d77e57603afc14fe5460ef70b6fa14db5bf406e9dfdcfe03c11e33ad3e4ab00e gdk-pixbuf2-tests-debuginfo-2.42.6-6.el9_7.1.aarch64.rpm SHA-256: 7aeb3e1fde4b340494d5e03c3d662f1b56746fcc53d7bf938d91e00a68a8a0b2 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .