← Back

CVE-2026-58380

nvd nist
Published: Jul 6, 2026Modified: Jul 16, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.

Affected (4)

1 product
Gimp
1 product
Enterprise Linux
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Version 3.2.4
Redhat
Version 7.0
Version 8.0
Version 9.0

References (5)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.