{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84230?format=json","vulnerability_id":"VCID-mqa4-pepu-53gz","summary":"A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data. Successful exploitation could result in a denial of service (DoS) or potentially arbitrary code execution.","aliases":[{"alias":"CVE-2026-40915"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43225?format=json","purl":"pkg:deb/debian/gimp@3.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43172?format=json","purl":"pkg:deb/debian/gimp@3.2.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.2.4-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43171?format=json","purl":"pkg:deb/debian/gimp@2.10.22-4%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8xbe-9hp9-bfh4"},{"vulnerability":"VCID-d1rw-etzn-37bs"},{"vulnerability":"VCID-eyyg-rjw2-bkau"},{"vulnerability":"VCID-gefv-9vbu-f7ac"},{"vulnerability":"VCID-mqa4-pepu-53gz"},{"vulnerability":"VCID-wupj-s4k2-h7d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.22-4%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43169?format=json","purl":"pkg:deb/debian/gimp@2.10.34-1%2Bdeb12u10?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d1rw-etzn-37bs"},{"vulnerability":"VCID-eyyg-rjw2-bkau"},{"vulnerability":"VCID-gefv-9vbu-f7ac"},{"vulnerability":"VCID-mqa4-pepu-53gz"},{"vulnerability":"VCID-wupj-s4k2-h7d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@2.10.34-1%252Bdeb12u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43173?format=json","purl":"pkg:deb/debian/gimp@3.0.4-3%2Bdeb13u8?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4her-sras-4uhg"},{"vulnerability":"VCID-d1rw-etzn-37bs"},{"vulnerability":"VCID-eyyg-rjw2-bkau"},{"vulnerability":"VCID-mqa4-pepu-53gz"},{"vulnerability":"VCID-wupj-s4k2-h7d5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gimp@3.0.4-3%252Bdeb13u8%3Fdistro=trixie"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40915.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40915.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40915","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06642","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40915","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40915"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-40915","reference_id":"CVE-2026-40915","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:32:48Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-40915"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458744","reference_id":"show_bug.cgi?id=2458744","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:32:48Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458744"}],"weaknesses":[{"cwe_id":190,"name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control."}],"exploits":[],"severity_range_score":"5.5 - 5.5","exploitability":"0.5","weighted_severity":"5.0","risk_score":2.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mqa4-pepu-53gz"}