CVE-2026-58386
Public on 2026-07-08
Modified on 2026-07-08
Description
A flaw was found in GIMP's TIM loader. File-controlled width, height, and palette size values are used directly in multiple variable-length array declarations in load_image(), allowing a crafted TIM file to force oversized stack allocations and memory corruption. This could lead to denial of service or arbitrary code execution.
Severity
See what this means
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Gimp Extra | gimp | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |