A heap-based buffer overflow vulnerability (CVE-2026-5201, CVSS 7.5 HIGH) in the gdk-pixbuf2 image loading library allows for Denial of Service via processing a specially crafted JPEG image. This security update affects Red Hat Enterprise Linux 7 Extended Lifecycle Support systems, and the fix is provided in the updated packages referenced in the advisory, such as gdk-pixbuf2-2.36.12-5.el7_9. Administrators should apply the update promptly to mitigate the risk of service disruption.
Red Hat Product Errata RHSA-2026:12114 - Security Advisory Issued: 2026-04-30 Updated: 2026-04-30 RHSA-2026:12114 - Security Advisory Overview Updated Packages Synopsis Important: gdk-pixbuf2 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (CVE-2026-5201) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64 Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le Fixes BZ - 2453291 - CVE-2026-5201 gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image CVEs CVE-2026-5201 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 SRPM gdk-pixbuf2-2.36.12-5.el7_9.src.rpm SHA-256: 4b3874881d80ff46b1b04a68a673e24c4c55c2e797d5bf888c5cca16e496286b x86_64 gdk-pixbuf2-2.36.12-5.el7_9.i686.rpm SHA-256: 39004bb8786c4f523b3604193c5e81d48a33bccda8313169269bdb6609a00e6f gdk-pixbuf2-2.36.12-5.el7_9.x86_64.rpm SHA-256: b65e3c89e4454168baba298a5074eaa2ed1c2d72cfb96a672236c0f867cca5ee gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.i686.rpm SHA-256: f19eb8e5ceedb7b16a04fb688c2a3c6aa88b2a82cf07b5102ee3f691f74e0560 gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.x86_64.rpm SHA-256: c9e5c712d863052b53abd688e74ecab5ef9a34120ae64411b2a99740a595a7ec gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.x86_64.rpm SHA-256: c9e5c712d863052b53abd688e74ecab5ef9a34120ae64411b2a99740a595a7ec gdk-pixbuf2-devel-2.36.12-5.el7_9.i686.rpm SHA-256: 78827bd0b2384a0e83294c772347a7789276c8a5483ab543ebca22b3565b5c12 gdk-pixbuf2-devel-2.36.12-5.el7_9.x86_64.rpm SHA-256: 345337d9d863bfe33c484b33a338d33b9e4fac2f18459ef53a8487db7179e553 gdk-pixbuf2-tests-2.36.12-5.el7_9.x86_64.rpm SHA-256: 8c4999e1f82205414acddcb059ea8685a6b0ea4b9a600b70063cfc5172a8e70f Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 SRPM gdk-pixbuf2-2.36.12-5.el7_9.src.rpm SHA-256: 4b3874881d80ff46b1b04a68a673e24c4c55c2e797d5bf888c5cca16e496286b s390x gdk-pixbuf2-2.36.12-5.el7_9.s390.rpm SHA-256: 55d661ef3e278966f738cd962cd0b82abce041468ffc4207d15c49c00e9481c3 gdk-pixbuf2-2.36.12-5.el7_9.s390x.rpm SHA-256: eee8dbccaf633ad2aa4099315e2ef3e4c346d74929bfa5c4c2553a2084f6e59f gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.s390.rpm SHA-256: 896230df2106657222c000267cdbf9a74c35be231a8327a77ddd8a9931e0584a gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.s390x.rpm SHA-256: a39ef714e2334d3576daeeb06790adecc42d7b2283c996796af83133f73083a4 gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.s390x.rpm SHA-256: a39ef714e2334d3576daeeb06790adecc42d7b2283c996796af83133f73083a4 gdk-pixbuf2-devel-2.36.12-5.el7_9.s390.rpm SHA-256: 93081ebcf9e9478ac0b83a0180981a073504c0b742aeee361d0ca9067a3fb7b9 gdk-pixbuf2-devel-2.36.12-5.el7_9.s390x.rpm SHA-256: caaa425128ef3d7830b9f645275c208a1f8a6206a5116e1042864622390af5be gdk-pixbuf2-tests-2.36.12-5.el7_9.s390x.rpm SHA-256: b61a850a183da91f19ca615c66e1aef165405acb369ac936548428c80d1fd414 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 SRPM gdk-pixbuf2-2.36.12-5.el7_9.src.rpm SHA-256: 4b3874881d80ff46b1b04a68a673e24c4c55c2e797d5bf888c5cca16e496286b ppc64 gdk-pixbuf2-2.36.12-5.el7_9.ppc.rpm SHA-256: 913c4b4b7e1f960273d2e2b921ab8b55398c83082ada893e7c5cdca352a2ce0c gdk-pixbuf2-2.36.12-5.el7_9.ppc64.rpm SHA-256: bed00c2e8914fde39150861eedc53348139bd168515ff50bf848369e27b1fe05 gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.ppc.rpm SHA-256: dbfbe39adf7215fc2a0afd5bdc717bfc4dcb967390febdaf8adff45828f8487b gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.ppc64.rpm SHA-256: 056226ffb2f51cb533b29ff1de3979caa1cbf7a3ce2c98e268f5ec09b85c45d1 gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.ppc64.rpm SHA-256: 056226ffb2f51cb533b29ff1de3979caa1cbf7a3ce2c98e268f5ec09b85c45d1 gdk-pixbuf2-devel-2.36.12-5.el7_9.ppc.rpm SHA-256: 6937c4eaa6c12b8625671b7dabed77a49fa3505875539c75058cb915d5670c03 gdk-pixbuf2-devel-2.36.12-5.el7_9.ppc64.rpm SHA-256: 1c9efe9e43901ad9490bfd7309d1397efc6d854d4a3d25c25d3089ca3b3acd2c gdk-pixbuf2-tests-2.36.12-5.el7_9.ppc64.rpm SHA-256: f20e7fc9f373153ec05e32d05b91cdcc0ebc28fbddb44471b1dddce8e4516399 Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 SRPM gdk-pixbuf2-2.36.12-5.el7_9.src.rpm SHA-256: 4b3874881d80ff46b1b04a68a673e24c4c55c2e797d5bf888c5cca16e496286b ppc64le gdk-pixbuf2-2.36.12-5.el7_9.ppc64le.rpm SHA-256: 6f4e69a2921e6561312cac8d58252f19e832718a8c6f946eed2e55c0ced601da gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.ppc64le.rpm SHA-256: c8d138c06fc128f9d34170cec948472e1d1f4e4344579ebf1a1f01fb9879896a gdk-pixbuf2-debuginfo-2.36.12-5.el7_9.ppc64le.rpm SHA-256: c8d138c06fc128f9d34170cec948472e1d1f4e4344579ebf1a1f01fb9879896a gdk-pixbuf2-devel-2.36.12-5.el7_9.ppc64le.rpm SHA-256: 743c2ca1e33a05d76008847272e6158c024ecd71fafd7b400cf8ae721df9c6d0 gdk-pixbuf2-tests-2.36.12-5.el7_9.ppc64le.rpm SHA-256: afd6db6ac19a7bdaa27209b3b67abfa72f78c6584e2294f4436305b68b3e9ff5 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .