CVE-2026-5201

High

Published: 31 March 2026

Published

31 March 2026

Modified

01 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0075 73.1th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5201 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 26.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mandates timely flaw remediation by applying patches such as Red Hat errata for the gdk-pixbuf heap buffer overflow vulnerability.

SI-10 Information Input Validation good match

prevent

Requires validation of JPEG image inputs, including color component counts, to prevent heap-based buffer overflows in the gdk-pixbuf loader.

SI-16 Memory Protection partial match

prevent

Implements memory protection mechanisms that mitigate exploitation of the heap buffer overflow, reducing the risk of crashes and DoS from malformed JPEGs.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

The heap buffer overflow in the JPEG loader directly enables remote exploitation of the image processing library to crash applications, mapping to application/system exploitation for endpoint DoS with no other impacts or execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this…

flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.

Deeper analysisAI

CVE-2026-5201 is a heap-based buffer overflow vulnerability in the gdk-pixbuf library's JPEG image loader, stemming from improper validation of color component counts when processing specially crafted JPEG images. Published on 2026-03-31, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-122 (Heap-based Buffer Overflow). The flaw affects the gdk-pixbuf library, commonly used in graphical applications for image processing.

A remote attacker can exploit this vulnerability without user interaction or privileges, for instance by tricking systems into generating thumbnails from malicious JPEG files. Successful exploitation triggers application crashes, resulting in denial-of-service (DoS) conditions with high availability impact but no confidentiality or integrity effects.

Red Hat has addressed this issue through multiple security errata, including RHSA-2026:10707, RHSA-2026:10708, RHSA-2026:10741, RHSA-2026:11325, and RHSA-2026:11326, which provide updated packages for affected gdk-pixbuf versions in various Red Hat products. Security practitioners should apply these patches promptly to mitigate the risk.