Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie

Type deb

Namespace debian

Name gimp

Version 3.0.4-3+deb13u8

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.0.4-6.1

Latest_non_vulnerable_version 3.2.4-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-d967-53mv-13b6

vulnerability_id VCID-d967-53mv-13b6

summary GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4152.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4152

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.0989
published_at	2026-04-21T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18012
published_at	2026-04-13T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18106
published_at	2026-04-11T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18062
published_at	2026-04-12T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17954
published_at	2026-04-16T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.1934
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4152

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4152

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457533
reference_id	2457533
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457533

reference_url

https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e

reference_id

f64c9c23ba3c37dc7b875a9fb477c23953b4666e

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/

url

https://gitlab.gnome.org/GNOME/gimp/-/commit/f64c9c23ba3c37dc7b875a9fb477c23953b4666e

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-26-219/

reference_id

ZDI-26-219

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:03Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-26-219/

fixed_packages

url pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-gfzg-1hvp-5ugd

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10?distro=trixie
purl	pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10%3Fdistro=trixie

url pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

purl pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-rw3k-nfe2-4qd2

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u7%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
purl	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.0-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-1%3Fdistro=trixie

aliases CVE-2026-4152

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d967-53mv-13b6

url VCID-dda3-khwb-q7bn

vulnerability_id VCID-dda3-khwb-q7bn

summary gimp: GIMP: Application crashes or information disclosure via crafted ICNS image files

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40917.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40917.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40917

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.0223
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02046
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02059
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40917

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2458746

reference_id

2458746

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:24:56Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2458746

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2026-40917

reference_id

CVE-2026-40917

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:24:56Z/

url

https://access.redhat.com/security/cve/CVE-2026-40917

fixed_packages

url	pkg:deb/debian/gimp@0?distro=trixie
purl	pkg:deb/debian/gimp@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@0%3Fdistro=trixie

url pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-3sqk-cbwn-tqa7

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-gfzg-1hvp-5ugd

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-gfzg-1hvp-5ugd

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

purl pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-rw3k-nfe2-4qd2

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u7%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
purl	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-1%3Fdistro=trixie

aliases CVE-2026-40917

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dda3-khwb-q7bn

url VCID-dkmg-nu4f-xbay

vulnerability_id VCID-dkmg-nu4f-xbay

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4150.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4150

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.11044
published_at	2026-04-21T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19651
published_at	2026-04-11T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19603
published_at	2026-04-12T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19508
published_at	2026-04-16T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19544
published_at	2026-04-13T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20973
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4150

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4150

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10

reference_id

00afdabdadeb5457fd897878b1e5aebc3780af10

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/

url

https://gitlab.gnome.org/GNOME/gimp/-/commit/00afdabdadeb5457fd897878b1e5aebc3780af10

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457535
reference_id	2457535
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457535

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-26-217/

reference_id

ZDI-26-217

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:25:13Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-26-217/

fixed_packages

url pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-gfzg-1hvp-5ugd

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10?distro=trixie
purl	pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10%3Fdistro=trixie

url pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

purl pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-rw3k-nfe2-4qd2

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u7%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
purl	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.0-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-1%3Fdistro=trixie

aliases CVE-2026-4150

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dkmg-nu4f-xbay

url VCID-ney7-z8qy-kuce

vulnerability_id VCID-ney7-z8qy-kuce

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4153.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4153

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.18106
published_at	2026-04-11T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18062
published_at	2026-04-12T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.17954
published_at	2026-04-16T12:55:00Z

value	0.00058
scoring_system	epss
scoring_elements	0.18012
published_at	2026-04-13T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19354
published_at	2026-04-21T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.1934
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4153

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457536
reference_id	2457536
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457536

reference_url

https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712

reference_id

98cb1371fd4e22cca75017ea3252dc32fc218712

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/

url

https://gitlab.gnome.org/GNOME/gimp/-/commit/98cb1371fd4e22cca75017ea3252dc32fc218712

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-26-220/

reference_id

ZDI-26-220

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T18:24:23Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-26-220/

fixed_packages

url pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-gfzg-1hvp-5ugd

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10?distro=trixie
purl	pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10%3Fdistro=trixie

url pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

purl pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-rw3k-nfe2-4qd2

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u7%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
purl	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.0-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-1%3Fdistro=trixie

aliases CVE-2026-4153

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ney7-z8qy-kuce

url VCID-va44-vsem-xuf5

vulnerability_id VCID-va44-vsem-xuf5

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4151.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4151.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-4151

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.11044
published_at	2026-04-21T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19651
published_at	2026-04-11T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19603
published_at	2026-04-12T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19508
published_at	2026-04-16T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19544
published_at	2026-04-13T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20973
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-4151

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4151
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4151

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e

reference_id

09e5459de913172fc51da3bd6b6adc533acd368e

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:45Z/

url

https://gitlab.gnome.org/GNOME/gimp/-/commit/09e5459de913172fc51da3bd6b6adc533acd368e

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457532
reference_id	2457532
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457532

reference_url

https://www.zerodayinitiative.com/advisories/ZDI-26-218/

reference_id

ZDI-26-218

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:24:45Z/

url

https://www.zerodayinitiative.com/advisories/ZDI-26-218/

fixed_packages

url	pkg:deb/debian/gimp@0?distro=trixie
purl	pkg:deb/debian/gimp@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@0%3Fdistro=trixie

url pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-3sqk-cbwn-tqa7

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-gfzg-1hvp-5ugd

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-gfzg-1hvp-5ugd

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

purl pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u7?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hm4-srhz-tqhb

vulnerability	VCID-9v2z-2myu-bfd3

vulnerability	VCID-d967-53mv-13b6

vulnerability	VCID-dkmg-nu4f-xbay

vulnerability	VCID-fraw-9hj8-vbhs

vulnerability	VCID-hj85-sup9-abft

vulnerability	VCID-ney7-z8qy-kuce

vulnerability	VCID-rw3k-nfe2-4qd2

vulnerability	VCID-va44-vsem-xuf5

vulnerability	VCID-wkrp-v537-x3hy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u7%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
purl	pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.0-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie

url	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
purl	pkg:deb/debian/gimp@3.2.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-1%3Fdistro=trixie

aliases CVE-2026-4151

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-va44-vsem-xuf5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8%3Fdistro=trixie

Package Instance