CVE-2026-58384

GIMP (via Red Hat) · GIMP

An integer overflow vulnerability exists in the GIMP PSD parser, which may lead to memory corruption when processing malformed image files.

Executive summary

A memory corruption vulnerability in the GIMP PSD parser could allow an attacker to execute arbitrary code or crash the application if a user is tricked into opening a malicious file.

Vulnerability

This vulnerability is caused by an integer overflow (CWE-190) within the GIMP PSD parser, requiring a local, authenticated user to interact with a specially crafted PSD file for successful exploitation.

Business impact

A successful exploit could result in full application compromise, potentially leading to unauthorized data access or the execution of malicious code with the privileges of the user running the application. With a CVSS score of 7.3, this flaw poses a significant risk to workstations where users frequently handle untrusted image files, potentially impacting the integrity and availability of local system resources.

Remediation

Immediate Action: Apply the latest security updates provided by your Linux distribution vendor to ensure the GIMP package is patched.

Proactive Monitoring: Review system logs for signs of application crashes or unusual process behavior associated with GIMP or image processing tasks.

Compensating Controls: Advise users to avoid opening untrusted or unknown PSD files and ensure that GIMP is run with the minimum necessary privileges to reduce the impact of a potential compromise.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Users should prioritize updating their systems to the latest available package versions provided by Red Hat. Given the potential for arbitrary code execution, this update should be applied as part of standard routine maintenance for all affected enterprise workstations.