Critical Vulnerability in GDK-PixBuf Affects Multiple Ubuntu Releases
Severity: High (Score: 70.5)
Sources: Ubuntu, Linuxsecurity
Summary
A critical vulnerability in the GDK-PixBuf library has been identified, affecting Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS. This vulnerability allows an attacker to craft a malicious JPEG file that could cause GDK-PixBuf to crash or potentially execute arbitrary code. The issue was documented in USN-8156-1 and has been addressed in the latest updates. Users are advised to update their systems to mitigate the risk of denial of service or code execution. The vulnerability underscores the importance of regular system updates to maintain security. Ubuntu Pro users benefit from extended security coverage for these packages. Affected package versions include libgdk-pixbuf2.0-0 for all three Ubuntu releases. Standard system updates will apply the necessary changes to fix the vulnerability.
Key Points:
- GDK-PixBuf vulnerability allows for potential denial of service or code execution.
- Affected Ubuntu versions include 16.04, 18.04, and 20.04 LTS.
- Users should update to the latest package versions to mitigate risks.
Detailed Analysis
**Impact** Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS users are affected, including enterprises and individuals using these operating systems globally. The vulnerability allows attackers to cause denial of service or execute arbitrary code by exploiting GDK-PixBuf’s handling of crafted JPEG files. This could disrupt business operations relying on image processing or expose systems to remote compromise. No specific sectors or data types at risk were detailed.
**Technical Details** The vulnerability arises from improper handling of certain JPEG files by the GDK-PixBuf library (libgdk-pixbuf2.0-0). Attackers can trigger crashes or remote code execution by delivering maliciously crafted image files. The issue was addressed in Ubuntu Security Notice USN-8156-1 and updated in USN-8156-2 for the affected Ubuntu releases. No CVE identifiers or specific malware/tool names were provided. The attack vector involves opening or processing malicious JPEG files, impacting the execution and denial of service stages of the kill chain.
**Recommended Response** Apply the security updates provided in USN-8156-2 immediately, upgrading libgdk-pixbuf2.0-0 to the patched versions:
- 20.04 LTS: 2.40.0+dfsg-3ubuntu0.5+esm3
- 18.04 LTS: 2.36.11-2ubuntu0.1~esm3
- 16.04 LTS: 2.32.2-1ubuntu1.6+esm3
Perform standard system updates to ensure all dependencies are secured. Monitor for crashes or unusual behavior in applications processing JPEG files. No specific detection signatures or IOCs were provided.
Source articles (2)
- USN-8156-2: GDK — Ubuntu · 2026-06-09
  GDK-PixBuf could be made to crash or run programs if it opened a specially crafted file. USN-8156-1 fixed a vulnerability in GDK-PixBuf. This update provides the corresponding update for Ubuntu 16.04…
- Ubuntu GDK-PixBuf Critical JPEG Denial Of Service Vulnerability USN-8156 — Linuxsecurity · 2026-06-09
  A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Summary: GDK-PixBuf could be made to crash or run programs if it opened…
Timeline
- 2026-06-09 — USN-8156-2 released: Ubuntu released an update addressing the GDK-PixBuf vulnerability affecting multiple LTS versions.
- 2026-06-09 — Vulnerability details disclosed: It was discovered that GDK-PixBuf mishandled certain JPEG files, leading to potential crashes or arbitrary code execution.
Related entities
- DDoS (Attack Type)
- Denial of Service (Attack Type)
- CWE-119 - Improper Restriction Of Operations Within Memory Buffer (CWE)
- GDK-PixBuf (Platform)
- Ubuntu (Company)