High7.5Red Hat & Ubuntu Linux Updated
Denial of Service via crafted GD 2.x image file
CVE-2026-55380 Published Jul 6, 2026Updated by vendor Jul 6, 2026
CVE-2026-55380
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Denial of Service via crafted GD 2.x image file. Red Hat rates this important (CVSS 7.5). Weakness: CWE-1285. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Mitigation checklist
Recommended fix / mitigation
- Avoid processing untrusted GD 2.x image files with PIL.GdImageFile.open(). Use Image.open() instead, which includes decompression bomb protections for supported formats. If GdImageFile must be used, validate the image dimensions before calling load(). Restricting accepted image formats at the application boundary to only those explicitly needed can reduce exposure.
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.