What is CVE-2026-2239?

CVE-2026-2239 is a low-severity vulnerability in Red Hat Enterprise Linux 7, classified under Improper Null Termination. CVSS score: 2.8/10. Published 2026-03-26.

How severe is CVE-2026-2239?

Low severity. CVSS v3 base score is 2.8 out of 10.

Vulnerability in Red Hat Enterprise Linux 7

CVE-2026-2239

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffer allocated for a Pascal string is not…

EPSS: 0.000 (1.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.8 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L.

Affected products

Weakness classification (CWE)

CWE-170 — Improper Null Termination

References

access.redhat.com/security/cve/CVE-2026-2239 (vdb-entry, x_refsource_REDHAT)
RHBZ#2437675 (issue-tracking, x_refsource_REDHAT)
gitlab.gnome.org/GNOME/gimp/-/issues/15812

Frequently asked questions

What is CVE-2026-2239?: CVE-2026-2239 is a low-severity vulnerability in Red Hat Enterprise Linux 7, classified under Improper Null Termination. CVSS score: 2.8/10. Published 2026-03-26.
How severe is CVE-2026-2239?: Low severity. CVSS v3 base score is 2.8 out of 10.