CVE-2026-58380

GIMP (via Red Hat) · GIMP

An off-by-one error in GIMP's PNM file format parser may cause memory corruption when processing malformed files.

Executive summary

An off-by-one error in GIMP’s PNM parser presents a high-severity risk, potentially allowing for application crashes or unauthorized code execution upon opening malicious image files.

Vulnerability

This vulnerability (CWE-193) stems from an off-by-one error during the parsing of PNM images, which can be triggered when a user opens a malicious file, leading to memory corruption.

Business impact

The vulnerability carries a CVSS score of 7.3, indicating a high risk of system instability or unauthorized code execution. In a corporate environment, this could lead to the compromise of user accounts and the potential loss of sensitive data if the application process is manipulated to execute attacker-supplied payloads.

Remediation

Immediate Action: Update the GIMP application to the latest version via your repository manager or vendor-supplied security patches.

Proactive Monitoring: Monitor for application instability or recurring crashes of image-processing utilities within the organization.

Compensating Controls: Restrict user access to untrusted file sources and ensure that GIMP is configured to run with limited user permissions to minimize the blast radius of potential exploitation.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams should ensure that all systems running GIMP are updated immediately to remediate this off-by-one error. Patching is the most effective way to mitigate this risk, and users should be reminded to exercise caution when handling files from unknown or unverified sources.