A heap-based buffer overflow vulnerability (CVE-2026-5201, CVSS 7.5 HIGH) in the gdk-pixbuf2 library allows for a Denial of Service attack when processing a specially crafted JPEG image. The flaw affects Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and the security update provides patched packages, including version gdk-pixbuf2-2.42.6-3.el9_0.1.
Red Hat Product Errata RHSA-2026:12061 - Security Advisory Issued: 2026-04-30 Updated: 2026-04-30 RHSA-2026:12061 - Security Advisory Overview Updated Packages Synopsis Important: gdk-pixbuf2 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (CVE-2026-5201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2453291 - CVE-2026-5201 gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image CVEs CVE-2026-5201 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM gdk-pixbuf2-2.42.6-3.el9_0.1.src.rpm SHA-256: 584618ffee3282d0ff9bc24b7136e0a6edddd1ccb6abb10be913d5d6fafe640f ppc64le gdk-pixbuf2-2.42.6-3.el9_0.1.ppc64le.rpm SHA-256: 384e7167dccd45dab2a2f3997320d86a2ca62fbbc8ee792aa8d5002e9a346afe gdk-pixbuf2-debuginfo-2.42.6-3.el9_0.1.ppc64le.rpm SHA-256: 1c8f6f5ce6b28568f83c664fb7d846da46c4611f6a1b8bfb2c78de66c461e2de gdk-pixbuf2-debugsource-2.42.6-3.el9_0.1.ppc64le.rpm SHA-256: 75fbbc106609eb6ac9b262f6083299b6ee1018fff17168481c69ca87c603cbfe gdk-pixbuf2-devel-2.42.6-3.el9_0.1.ppc64le.rpm SHA-256: 5330d05aa1294847c618adc26b9f1e3ca4e7ff81de46915f05b0a4fca0a23bcf gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9_0.1.ppc64le.rpm SHA-256: 45e63f212308de3c6ae80982245abf757022d10d721b115195f39c34729e7708 gdk-pixbuf2-modules-2.42.6-3.el9_0.1.ppc64le.rpm SHA-256: 34fc7e9c18e8fb196c9019d90ef8ae3124e8aab683857f9ca3720bd3dd3d65b6 gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9_0.1.ppc64le.rpm SHA-256: 540935e02493b1213dc7c4d34842798e064790a446ee9a41e54c3abf42299c91 gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9_0.1.ppc64le.rpm SHA-256: 390ffee0f0666a6ea3a0705cc3c042aeff42971c5b879a51e9db936baf7ff106 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM gdk-pixbuf2-2.42.6-3.el9_0.1.src.rpm SHA-256: 584618ffee3282d0ff9bc24b7136e0a6edddd1ccb6abb10be913d5d6fafe640f x86_64 gdk-pixbuf2-2.42.6-3.el9_0.1.i686.rpm SHA-256: b2f86409f04173d9c16545835fccd7a38fcc09a10e46afe5053b88d2773c5e33 gdk-pixbuf2-2.42.6-3.el9_0.1.x86_64.rpm SHA-256: 7ba6d6eae81e0298406c12b126311b9fa92453a11e368bbfa76bb82a844ebb63 gdk-pixbuf2-debuginfo-2.42.6-3.el9_0.1.i686.rpm SHA-256: 8d9d0872af0ced1d08352f8b9fa66259a37e4431e4e068c59d50d318e5977dd5 gdk-pixbuf2-debuginfo-2.42.6-3.el9_0.1.x86_64.rpm SHA-256: b97aab7d3e7553d1e10c15b7b40519bf8d1b784661ddad7881cb628f665df0de gdk-pixbuf2-debugsource-2.42.6-3.el9_0.1.i686.rpm SHA-256: de16c8e8af2a4c2affd90e28d09ff8a39615986eaec4563ef141c30285e5c839 gdk-pixbuf2-debugsource-2.42.6-3.el9_0.1.x86_64.rpm SHA-256: 8bb2921f467db97b1d25a13d8744160f91664a8db029ff42c8b13c4c008310e0 gdk-pixbuf2-devel-2.42.6-3.el9_0.1.i686.rpm SHA-256: beac8d4e673294dc31e10c0c2a592aeb078bd6a4da4c6ae4fb5f3bc3dae77534 gdk-pixbuf2-devel-2.42.6-3.el9_0.1.x86_64.rpm SHA-256: 2f5e63223d52539bd919daf9f8734cf7a0fafb98abc35c9080471d8193ff4128 gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9_0.1.i686.rpm SHA-256: 053f301234fc8e9e6efe15ba7a86dba34a4e8c2c7ab8eebeb629bcd04e5a48ec gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9_0.1.x86_64.rpm SHA-256: f087a5e2f3a88a5b8bdb25c95b8ff7123453ec903aee69aca71d4e4ea64f6b98 gdk-pixbuf2-modules-2.42.6-3.el9_0.1.i686.rpm SHA-256: 6a7d6284a3209d979abf21bfb081a954a97f079c93dce27e1732c8bfe8d09ca5 gdk-pixbuf2-modules-2.42.6-3.el9_0.1.x86_64.rpm SHA-256: 48145e9eb8ce391982c17697c5f70b4b418fbfa64791278ef25c9f4cbe0e1248 gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9_0.1.i686.rpm SHA-256: 62e91041da1c32796e5bb6b3e80e5e188448b3592faf7954683aa4f4ebc2f782 gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9_0.1.x86_64.rpm SHA-256: 558ec848736f0a94dfe53b5ab36a22ebaabd5371b0eebda62938127edcb547d6 gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9_0.1.i686.rpm SHA-256: 8ff73771a2c353443a56a95bcf89e05aec9d9a941f369edb8f3798f222cb8626 gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9_0.1.x86_64.rpm SHA-256: f5cde6ceac9a864ac3d4b7ff57e8137e220cbd62f70de7e8f2cf4bc2b0822b71 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM gdk-pixbuf2-2.42.6-3.el9_0.1.src.rpm SHA-256: 584618ffee3282d0ff9bc24b7136e0a6edddd1ccb6abb10be913d5d6fafe640f aarch64 gdk-pixbuf2-2.42.6-3.el9_0.1.aarch64.rpm SHA-256: 58a92e83d7e71458103ecc443fcc7f92c889dad4fa233fe022a93f73954672ab gdk-pixbuf2-debuginfo-2.42.6-3.el9_0.1.aarch64.rpm SHA-256: 3094fad17e696f1c9267ba248fbe8eb1594101acd1a5e9a4ed7f6246254eda54 gdk-pixbuf2-debugsource-2.42.6-3.el9_0.1.aarch64.rpm SHA-256: c581693f33db7e5e05771d0f6b769b3f92e170726a41bd9b6a97730b13bfba43 gdk-pixbuf2-devel-2.42.6-3.el9_0.1.aarch64.rpm SHA-256: b7d85c0823e4b0b26c9e83f077946b5c9542d4e48ccf17c24e937802e747b2ee gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9_0.1.aarch64.rpm SHA-256: 8f8f3af48638262fca5030bc1685e3cfeba2b9934227580250352f92a27e2aa8 gdk-pixbuf2-modules-2.42.6-3.el9_0.1.aarch64.rpm SHA-256: 49fc323088737267a2624a722ff2461221bcbc751e7967d54fa055880409774a gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9_0.1.aarch64.rpm SHA-256: 81254c3501c9a68f2f938cd2aa3b5fca2cf3d40838c4d454a6dee0422717cf65 gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9_0.1.aarch64.rpm SHA-256: ced62157b3e208a9414209accfba5bdc108486bd8cecd0b3b557e9a201daf219 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM gdk-pixbuf2-2.42.6-3.el9_0.1.src.rpm SHA-256: 584618ffee3282d0ff9bc24b7136e0a6edddd1ccb6abb10be913d5d6fafe640f s390x gdk-pixbuf2-2.42.6-3.el9_0.1.s390x.rpm SHA-256: 085ebbf358ea3c7ba022c6481972e3f96bf8ea66e19b94f236622d049f9f47b4 gdk-pixbuf2-debuginfo-2.42.6-3.el9_0.1.s390x.rpm SHA-256: f9736a659fb7339d853a980aedf04cd4507c24b8ec52650d8400f3491fbdf6a4 gdk-pixbuf2-debugsource-2.42.6-3.el9_0.1.s390x.rpm SHA-256: 4522799ab8d3e53f35cb15478462388a6c11e3822052e40b8869f99beb9ab16a gdk-pixbuf2-devel-2.42.6-3.el9_0.1.s390x.rpm SHA-256: 4ba9609722bcf838f3cee8b796f0fc83868a62fe288d32d429138e3bb46d8201 gdk-pixbuf2-devel-debuginfo-2.42.6-3.el9_0.1.s390x.rpm SHA-256: 8ed850f492118b73abd0deabf4df736e7cfac86d6b81464f06734932259bca66 gdk-pixbuf2-modules-2.42.6-3.el9_0.1.s390x.rpm SHA-256: 32e7443354f2f53ee1240686a73c4c173fc25998566632d948db9f2172e8d9e7 gdk-pixbuf2-modules-debuginfo-2.42.6-3.el9_0.1.s390x.rpm SHA-256: fcb5e1f1ddf04c2ccbe7b3f42659da6c0cd20e0f633811a9deb4250d1ee554e3 gdk-pixbuf2-tests-debuginfo-2.42.6-3.el9_0.1.s390x.rpm SHA-256: 20881da6a39668dcc0697d30260d18e97ea901b73be97cbbf845d0ef265404c0 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .