| Package | gdk-pixbuf |
|---|---|
| Version | 2.36.5-2+deb9u5 (stretch), 2.38.1+dfsg-1+deb10u3 (buster) |
| Related CVEs | CVE-2026-5201 |
It was discovered that gdk-pixbuf, the GDK Pixbuf library, does not properly validate color component counts in the JPEG image loader, which may result in the execution of arbitrary code or denial of service if specially crafted JPEG images are processed.
For Debian 10 buster, these problems have been fixed in version 2.38.1+dfsg-1+deb10u3.
For Debian 9 stretch, these problems have been fixed in version 2.36.5-2+deb9u5.
We recommend that you upgrade your gdk-pixbuf packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.