{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"MEDIUM" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"A vulnerability was found in GIMP (Image Processing Software) (the affected version unknown). It has been rated as problematic.Using CWE to declare the problem leads to CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Impacted is availability.The exploit is available at bugzilla.redhat.com. It is declared as proof-of-concept.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2026-0361).", "category":"general", "title":"Synopsis" } ], "publisher":null, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2272" }, { "summary":"CVE-2026-2272 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2026/csaf-openeuler-cve-2026-2272.json" }, { "summary":"openEuler-SA-2026-1486", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1486" }, { "summary":"CVE-2026-2272", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-2272&packageName=gimp" } ], "title":"openEuler cve CVE-2026-2272", "tracking":{ "initial_release_date":"2026-03-02T14:29:08+08:00", "revision_history":[ { "date":"2026-03-02T14:29:08+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-03-02T14:29:08+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-03-02T14:29:08+08:00", "id":"CVE-2026-2272", "version":"1.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-2.10.6-18.oe2003sp4.aarch64.rpm", "name":"gimp-2.10.6-18.oe2003sp4.aarch64.rpm" }, "name":"gimp-2.10.6-18.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-debuginfo-2.10.6-18.oe2003sp4.aarch64.rpm", "name":"gimp-debuginfo-2.10.6-18.oe2003sp4.aarch64.rpm" }, "name":"gimp-debuginfo-2.10.6-18.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-debugsource-2.10.6-18.oe2003sp4.aarch64.rpm", "name":"gimp-debugsource-2.10.6-18.oe2003sp4.aarch64.rpm" }, "name":"gimp-debugsource-2.10.6-18.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-devel-2.10.6-18.oe2003sp4.aarch64.rpm", "name":"gimp-devel-2.10.6-18.oe2003sp4.aarch64.rpm" }, "name":"gimp-devel-2.10.6-18.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-help-2.10.6-18.oe2003sp4.aarch64.rpm", "name":"gimp-help-2.10.6-18.oe2003sp4.aarch64.rpm" }, "name":"gimp-help-2.10.6-18.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-libs-2.10.6-18.oe2003sp4.aarch64.rpm", "name":"gimp-libs-2.10.6-18.oe2003sp4.aarch64.rpm" }, "name":"gimp-libs-2.10.6-18.oe2003sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-2.10.6-18.oe2003sp4.src.rpm", "name":"gimp-2.10.6-18.oe2003sp4.src.rpm" }, "name":"gimp-2.10.6-18.oe2003sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-2.10.6-18.oe2003sp4.x86_64.rpm", "name":"gimp-2.10.6-18.oe2003sp4.x86_64.rpm" }, "name":"gimp-2.10.6-18.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-debuginfo-2.10.6-18.oe2003sp4.x86_64.rpm", "name":"gimp-debuginfo-2.10.6-18.oe2003sp4.x86_64.rpm" }, "name":"gimp-debuginfo-2.10.6-18.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-debugsource-2.10.6-18.oe2003sp4.x86_64.rpm", "name":"gimp-debugsource-2.10.6-18.oe2003sp4.x86_64.rpm" }, "name":"gimp-debugsource-2.10.6-18.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-devel-2.10.6-18.oe2003sp4.x86_64.rpm", "name":"gimp-devel-2.10.6-18.oe2003sp4.x86_64.rpm" }, "name":"gimp-devel-2.10.6-18.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-help-2.10.6-18.oe2003sp4.x86_64.rpm", "name":"gimp-help-2.10.6-18.oe2003sp4.x86_64.rpm" }, "name":"gimp-help-2.10.6-18.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"gimp-libs-2.10.6-18.oe2003sp4.x86_64.rpm", "name":"gimp-libs-2.10.6-18.oe2003sp4.x86_64.rpm" }, "name":"gimp-libs-2.10.6-18.oe2003sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-2.10.6-18.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.aarch64", "name":"gimp-2.10.6-18.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-debuginfo-2.10.6-18.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-debuginfo-2.10.6-18.oe2003sp4.aarch64", "name":"gimp-debuginfo-2.10.6-18.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-debugsource-2.10.6-18.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-debugsource-2.10.6-18.oe2003sp4.aarch64", "name":"gimp-debugsource-2.10.6-18.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-devel-2.10.6-18.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-devel-2.10.6-18.oe2003sp4.aarch64", "name":"gimp-devel-2.10.6-18.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-help-2.10.6-18.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-help-2.10.6-18.oe2003sp4.aarch64", "name":"gimp-help-2.10.6-18.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-libs-2.10.6-18.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-libs-2.10.6-18.oe2003sp4.aarch64", "name":"gimp-libs-2.10.6-18.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-2.10.6-18.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.src", "name":"gimp-2.10.6-18.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-2.10.6-18.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.x86_64", "name":"gimp-2.10.6-18.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-debuginfo-2.10.6-18.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-debuginfo-2.10.6-18.oe2003sp4.x86_64", "name":"gimp-debuginfo-2.10.6-18.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-debugsource-2.10.6-18.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-debugsource-2.10.6-18.oe2003sp4.x86_64", "name":"gimp-debugsource-2.10.6-18.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-devel-2.10.6-18.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-devel-2.10.6-18.oe2003sp4.x86_64", "name":"gimp-devel-2.10.6-18.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-help-2.10.6-18.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-help-2.10.6-18.oe2003sp4.x86_64", "name":"gimp-help-2.10.6-18.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"gimp-libs-2.10.6-18.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:gimp-libs-2.10.6-18.oe2003sp4.x86_64", "name":"gimp-libs-2.10.6-18.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-2272", "notes":[ { "text":"A vulnerability was found in GIMP (Image Processing Software) (the affected version unknown). It has been rated as problematic.Using CWE to declare the problem leads to CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Impacted is availability.The exploit is available at bugzilla.redhat.com. It is declared as proof-of-concept.There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2026-0361).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-debuginfo-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-debugsource-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-devel-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-help-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-libs-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.src", "openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-debuginfo-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-debugsource-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-devel-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-help-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-libs-2.10.6-18.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-debuginfo-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-debugsource-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-devel-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-help-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-libs-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.src", "openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-debuginfo-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-debugsource-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-devel-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-help-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-libs-2.10.6-18.oe2003sp4.x86_64" ], "details":"gimp security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1486" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-debuginfo-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-debugsource-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-devel-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-help-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-libs-2.10.6-18.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.src", "openEuler-20.03-LTS-SP4:gimp-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-debuginfo-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-debugsource-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-devel-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-help-2.10.6-18.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:gimp-libs-2.10.6-18.oe2003sp4.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-2272" } ] }