A heap-based buffer overflow vulnerability (CVE-2026-5201, CVSS 7.5 HIGH) in the gdk-pixbuf2 image library allows for a Denial of Service attack when processing a specially crafted JPEG image. The update addresses this flaw for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Telecommunications Update Service. Affected systems should apply the provided package update, specifically gdk-pixbuf2 version 2.36.12-7.el8_8.
Red Hat Product Errata RHSA-2026:12060 - Security Advisory Issued: 2026-04-30 Updated: 2026-04-30 RHSA-2026:12060 - Security Advisory Overview Updated Packages Synopsis Important: gdk-pixbuf2 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (CVE-2026-5201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64 Red Hat Enterprise Linux Server - TUS 8.8 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 Fixes BZ - 2453291 - CVE-2026-5201 gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image CVEs CVE-2026-5201 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 SRPM gdk-pixbuf2-2.36.12-7.el8_8.src.rpm SHA-256: 6e862ca1b7f91636b2e1e871b3433cce51f4b46823ee4086c13eac1fbd849a2c x86_64 gdk-pixbuf2-2.36.12-7.el8_8.i686.rpm SHA-256: cb746380f3e0943abced486cedd5f3e0d0ee6cc314d6b83d0348ffad967d510b gdk-pixbuf2-2.36.12-7.el8_8.x86_64.rpm SHA-256: d8147ac4c6985f556bb4f77f45113fac113214df9d5bc9144bd84867f8176727 gdk-pixbuf2-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: f533eb1d35d1a094d18846a41a930a869f4ebde72dde2115965a188953f3be63 gdk-pixbuf2-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: f533eb1d35d1a094d18846a41a930a869f4ebde72dde2115965a188953f3be63 gdk-pixbuf2-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: dfcc0fcf8e8442cc37ba01f72b9f8a804ebf76019f26738818cec5fc9b236862 gdk-pixbuf2-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: dfcc0fcf8e8442cc37ba01f72b9f8a804ebf76019f26738818cec5fc9b236862 gdk-pixbuf2-debugsource-2.36.12-7.el8_8.i686.rpm SHA-256: 260dd8401d2e3c75622de44ee3bc4252c09cf1fbfea7130b997dd5867a85e4aa gdk-pixbuf2-debugsource-2.36.12-7.el8_8.i686.rpm SHA-256: 260dd8401d2e3c75622de44ee3bc4252c09cf1fbfea7130b997dd5867a85e4aa gdk-pixbuf2-debugsource-2.36.12-7.el8_8.x86_64.rpm SHA-256: 64e9899db129704cae67961cb3973e2b53fb8698479cfcb53b128c9cc1ac7d8f gdk-pixbuf2-debugsource-2.36.12-7.el8_8.x86_64.rpm SHA-256: 64e9899db129704cae67961cb3973e2b53fb8698479cfcb53b128c9cc1ac7d8f gdk-pixbuf2-devel-2.36.12-7.el8_8.i686.rpm SHA-256: fa983e84793bd5d8b20c919b4e1c720bc9bea63a676146f116989a29b23822ea gdk-pixbuf2-devel-2.36.12-7.el8_8.x86_64.rpm SHA-256: dbe15681d118740f8eb6f5450c2b5512d8ed17a7e5b881b3bcee368410d89758 gdk-pixbuf2-devel-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: 5dd9763cb0ba22f23432135b414796256570df8bff95d0be6ec7a5fd21636220 gdk-pixbuf2-devel-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: 5dd9763cb0ba22f23432135b414796256570df8bff95d0be6ec7a5fd21636220 gdk-pixbuf2-devel-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: 6ef7e96c749743da8a6447d88d6555bd4648da869530fb778615d6cb7f5f4f4e gdk-pixbuf2-devel-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: 6ef7e96c749743da8a6447d88d6555bd4648da869530fb778615d6cb7f5f4f4e gdk-pixbuf2-modules-2.36.12-7.el8_8.i686.rpm SHA-256: 340fd4d773270a0da38616f1f3e87f3e56f3a9ac828ed98705dd05d680124a00 gdk-pixbuf2-modules-2.36.12-7.el8_8.x86_64.rpm SHA-256: bc043dcbb02406de57599c0f8530c52f470349487f3fc4fbce1be96532893446 gdk-pixbuf2-modules-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: c33e5ca99dcef67fb728e497874fc7a3e2956b882492c513bb38c674f28d36c4 gdk-pixbuf2-modules-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: c33e5ca99dcef67fb728e497874fc7a3e2956b882492c513bb38c674f28d36c4 gdk-pixbuf2-modules-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: 6f712e84b544c8bd7b9416e2778004e4ed3e4fe325082dc9fb9edc157567b898 gdk-pixbuf2-modules-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: 6f712e84b544c8bd7b9416e2778004e4ed3e4fe325082dc9fb9edc157567b898 gdk-pixbuf2-tests-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: e7ca88bf45fa8dbc2a38289cb1f490ceda7b91ea3e720345947ca989152a5e1f gdk-pixbuf2-tests-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: e7ca88bf45fa8dbc2a38289cb1f490ceda7b91ea3e720345947ca989152a5e1f gdk-pixbuf2-tests-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: e6c1e3e8273e3f121d3c94fdc8320ba9afb83c70031a91d21e91d292e5b8c7ef gdk-pixbuf2-tests-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: e6c1e3e8273e3f121d3c94fdc8320ba9afb83c70031a91d21e91d292e5b8c7ef gdk-pixbuf2-xlib-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: 8097cfb43439db266a14a836cbe52d6b9e25acfd8583508257f5630a0fa4e7fa gdk-pixbuf2-xlib-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: 8097cfb43439db266a14a836cbe52d6b9e25acfd8583508257f5630a0fa4e7fa gdk-pixbuf2-xlib-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: a470f6cf9b2c74fc1c03b70215518bad51f67a2dbbdd8cfd042dd2aab9c3e5d7 gdk-pixbuf2-xlib-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: a470f6cf9b2c74fc1c03b70215518bad51f67a2dbbdd8cfd042dd2aab9c3e5d7 Red Hat Enterprise Linux Server - TUS 8.8 SRPM gdk-pixbuf2-2.36.12-7.el8_8.src.rpm SHA-256: 6e862ca1b7f91636b2e1e871b3433cce51f4b46823ee4086c13eac1fbd849a2c x86_64 gdk-pixbuf2-2.36.12-7.el8_8.i686.rpm SHA-256: cb746380f3e0943abced486cedd5f3e0d0ee6cc314d6b83d0348ffad967d510b gdk-pixbuf2-2.36.12-7.el8_8.x86_64.rpm SHA-256: d8147ac4c6985f556bb4f77f45113fac113214df9d5bc9144bd84867f8176727 gdk-pixbuf2-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: f533eb1d35d1a094d18846a41a930a869f4ebde72dde2115965a188953f3be63 gdk-pixbuf2-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: f533eb1d35d1a094d18846a41a930a869f4ebde72dde2115965a188953f3be63 gdk-pixbuf2-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: dfcc0fcf8e8442cc37ba01f72b9f8a804ebf76019f26738818cec5fc9b236862 gdk-pixbuf2-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: dfcc0fcf8e8442cc37ba01f72b9f8a804ebf76019f26738818cec5fc9b236862 gdk-pixbuf2-debugsource-2.36.12-7.el8_8.i686.rpm SHA-256: 260dd8401d2e3c75622de44ee3bc4252c09cf1fbfea7130b997dd5867a85e4aa gdk-pixbuf2-debugsource-2.36.12-7.el8_8.i686.rpm SHA-256: 260dd8401d2e3c75622de44ee3bc4252c09cf1fbfea7130b997dd5867a85e4aa gdk-pixbuf2-debugsource-2.36.12-7.el8_8.x86_64.rpm SHA-256: 64e9899db129704cae67961cb3973e2b53fb8698479cfcb53b128c9cc1ac7d8f gdk-pixbuf2-debugsource-2.36.12-7.el8_8.x86_64.rpm SHA-256: 64e9899db129704cae67961cb3973e2b53fb8698479cfcb53b128c9cc1ac7d8f gdk-pixbuf2-devel-2.36.12-7.el8_8.i686.rpm SHA-256: fa983e84793bd5d8b20c919b4e1c720bc9bea63a676146f116989a29b23822ea gdk-pixbuf2-devel-2.36.12-7.el8_8.x86_64.rpm SHA-256: dbe15681d118740f8eb6f5450c2b5512d8ed17a7e5b881b3bcee368410d89758 gdk-pixbuf2-devel-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: 5dd9763cb0ba22f23432135b414796256570df8bff95d0be6ec7a5fd21636220 gdk-pixbuf2-devel-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: 5dd9763cb0ba22f23432135b414796256570df8bff95d0be6ec7a5fd21636220 gdk-pixbuf2-devel-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: 6ef7e96c749743da8a6447d88d6555bd4648da869530fb778615d6cb7f5f4f4e gdk-pixbuf2-devel-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: 6ef7e96c749743da8a6447d88d6555bd4648da869530fb778615d6cb7f5f4f4e gdk-pixbuf2-modules-2.36.12-7.el8_8.i686.rpm SHA-256: 340fd4d773270a0da38616f1f3e87f3e56f3a9ac828ed98705dd05d680124a00 gdk-pixbuf2-modules-2.36.12-7.el8_8.x86_64.rpm SHA-256: bc043dcbb02406de57599c0f8530c52f470349487f3fc4fbce1be96532893446 gdk-pixbuf2-modules-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: c33e5ca99dcef67fb728e497874fc7a3e2956b882492c513bb38c674f28d36c4 gdk-pixbuf2-modules-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: c33e5ca99dcef67fb728e497874fc7a3e2956b882492c513bb38c674f28d36c4 gdk-pixbuf2-modules-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: 6f712e84b544c8bd7b9416e2778004e4ed3e4fe325082dc9fb9edc157567b898 gdk-pixbuf2-modules-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: 6f712e84b544c8bd7b9416e2778004e4ed3e4fe325082dc9fb9edc157567b898 gdk-pixbuf2-tests-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: e7ca88bf45fa8dbc2a38289cb1f490ceda7b91ea3e720345947ca989152a5e1f gdk-pixbuf2-tests-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: e7ca88bf45fa8dbc2a38289cb1f490ceda7b91ea3e720345947ca989152a5e1f gdk-pixbuf2-tests-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: e6c1e3e8273e3f121d3c94fdc8320ba9afb83c70031a91d21e91d292e5b8c7ef gdk-pixbuf2-tests-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: e6c1e3e8273e3f121d3c94fdc8320ba9afb83c70031a91d21e91d292e5b8c7ef gdk-pixbuf2-xlib-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: 8097cfb43439db266a14a836cbe52d6b9e25acfd8583508257f5630a0fa4e7fa gdk-pixbuf2-xlib-debuginfo-2.36.12-7.el8_8.i686.rpm SHA-256: 8097cfb43439db266a14a836cbe52d6b9e25acfd8583508257f5630a0fa4e7fa gdk-pixbuf2-xlib-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: a470f6cf9b2c74fc1c03b70215518bad51f67a2dbbdd8cfd042dd2aab9c3e5d7 gdk-pixbuf2-xlib-debuginfo-2.36.12-7.el8_8.x86_64.rpm SHA-256: a470f6cf9b2c74fc1c03b70215518bad51f67a2dbbdd8cfd0