Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image — CVE-2026-5201

Summary

Advisory CVE-2026-5201. Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 7.5. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• iconv crash due to assertion failure with untrusted input CVE-2026-4046
• Infinite loop in github.com/antchfx/xpath CVE-2026-32287
• Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing CVE-2026-5121
• Mariner CVE-2026-33554
• NATS has MQTT plaintext password disclosure CVE-2026-33216
• NATS Server panic via malicious compression on leafnode port CVE-2026-29785
• Mariner CVE-2026-21710
• Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) CVE-2026-33896
• Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input CVE-2026-33891
• Forge has signature forgery in Ed25519 due to missing S > L check CVE-2026-33895
• Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation CVE-2026-33939
• Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options CVE-2026-33941