CVE-2026-58380
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
Affected (4)
Products: Gimp: Gimp · Redhat: Enterprise Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.2.4 | |
| Version 7.0 |
References (5)
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
ExploitIssue TrackingVendor Advisory
Timeline
No history available yet.