CVE-2026-58381

Public on 2026-07-02
Modified on 2026-07-03
Description
A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution.
Severity
Medium severity
Medium
See what this means
CVSS v3 Base Score
6.6
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Gimp Extra gimp Pending Fix
Amazon Linux 2 - Gimp Extra gimp-data-extras Not Affected
Amazon Linux 2 - Gimp Extra gimp-help Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H