CVE-2026-58388
Public on 2026-07-08
Modified on 2026-07-08
Description
A flaw was found in GIMP's Seattle FilmWorks (SFW94A) loader. A stack-based out-of-bounds write occurs in load_image() because a stack buffer sized as file_size - 0xE0 is later indexed using bounds based on file_size. This can corrupt stack memory and potentially lead to denial of service or arbitrary code execution.
Severity
See what this means
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Gimp Extra | gimp | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |