CVE-2026-58380 PUBLISHED

Gimp: gimp: stack buffer overflow in pnmscanner_gettoken()

Assigner: redhat
Reserved: 30.06.2026 Published: 06.07.2026 Updated: 06.07.2026

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 7.3

Product Status

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Versions Default: unknown
Vendor Red Hat
Product Red Hat Enterprise Linux 7
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 8
Versions Default: affected
Vendor Red Hat
Product Red Hat Enterprise Linux 9
Versions Default: affected

Workarounds

None — requires opening a crafted PNM file.

Credits

  • Red Hat would like to thank bb1abu for reporting this issue.

References

Problem Types

  • Off-by-one Error CWE