Home / mailings [SECURITY] [DSA 6206-1] gdk-pixbuf security update
Posted on 11 April 2026
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-6206-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 11, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : gdk-pixbuf
CVE ID : CVE-2026-5201
Debian Bug : 1132501
It was discovered that gdk-pixbuf, the GDK Pixbuf library, does not
properly validate color component counts in the JPEG image loader, which
may result in the execution of arbitrary code or denial of service if
specially crafted JPEG images are processed.
For the oldstable distribution (bookworm), this problem has been fixed
in version 2.42.10+dfsg-1+deb12u4.
For the stable distribution (trixie), this problem has been fixed in
version 2.42.12+dfsg-4+deb13u1.
We recommend that you upgrade your gdk-pixbuf packages.
For the detailed security status of gdk-pixbuf please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/gdk-pixbuf
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
