CVE-2026-58379 PUBLISHED

Gimp: gimp: heap buffer overflow in read_channel_data()

Assigner: redhat
Reserved: 30.06.2026 Published: 03.07.2026 Updated: 03.07.2026

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 7.3

Product Status

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Versions Default: unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Versions Default: unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: unaffected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected

Workarounds

To mitigate this vulnerability, users should avoid opening untrusted Paint Shop Pro (PSP) image files with GIMP. As a general security practice, it is recommended to only process image files from trusted sources. If GIMP is not essential, consider removing the package to eliminate the attack surface.

References

Problem Types

  • Heap-based Buffer Overflow CWE