CVE-2026-58379

Public on 2026-07-03
Modified on 2026-07-06
Description
A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Gimp Extra gimp Not Affected
Amazon Linux 2 - Gimp Extra gimp-data-extras Not Affected
Amazon Linux 2 - Gimp Extra gimp-help Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H