Cyber Posture

CVE-2026-6384

High

Published: 15 April 2026

Published
15 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-6384 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 1.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Flaw remediation requires timely patching of GIMP to fix the buffer overflow in the GIF image loading component, directly eliminating the vulnerability.

SI-16 Memory Protection good match
prevent

Memory protection safeguards such as ASLR and DEP prevent arbitrary code execution even if the buffer overflow in ReadJeffsImage is triggered by a crafted GIF file.

SI-10 Information Input Validation partial match
prevent

Information input validation enforces bounds checking on GIF file inputs to GIMP, mitigating the risk of buffer overflows from malformed images.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

Buffer overflow in GIF loader enables RCE when user opens malicious file, directly mapping to client-side exploitation and malicious file execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial…

more

of service or potentially arbitrary code execution.

Deeper analysisAI

CVE-2026-6384 is a buffer overflow vulnerability (CWE-120) in the GIMP image editor, affecting its GIF image loading component, specifically the `ReadJeffsImage` function. Published on 2026-04-15, the flaw enables an attacker to write beyond an allocated buffer when GIMP processes a specially crafted GIF file. This can result in denial of service or potentially arbitrary code execution, with a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

The vulnerability can be exploited by a local attacker with low privileges who tricks a user into opening a malicious GIF file in GIMP, as it requires user interaction and local access. Successful exploitation could allow the attacker to achieve high-impact effects on confidentiality, integrity, and availability, such as crashing the application or executing arbitrary code in the context of the user running GIMP.

Red Hat advisories provide details on this issue; see https://access.redhat.com/security/cve/CVE-2026-6384 for security guidance and https://bugzilla.redhat.com/show_bug.cgi?id=2458749 for the related bug report.

Details

CWE(s)
CWE-120

CVEs Like This One

CVE-2025-27830Shared CWE-120
CVE-2025-27834Shared CWE-120
CVE-2025-27835Shared CWE-120
CVE-2020-37050Shared CWE-120
CVE-2024-57509Shared CWE-120
CVE-2020-37075Shared CWE-120
CVE-2025-1430Shared CWE-120
CVE-2025-0725Shared CWE-120
CVE-2025-27832Shared CWE-120
CVE-2025-25723Shared CWE-120

References