Heap Buffer Overflow Vulnerability in GIMP's Paint Shop Pro File Format Parser
CVE-2026-58379

7.3HIGH

What is CVE-2026-58379?

A vulnerability exists in GIMP's Paint Shop Pro (PSP) file format parser which can lead to a heap buffer overflow. This flaw enables a remote attacker to potentially execute arbitrary code or trigger a denial of service (DoS) by convincing a user to open a specially crafted PSP image file. The issue arises from the improper calculation of buffer sizes when handling low bit-depth images, resulting in possible overwrites of adjacent memory. Users are advised to remain cautious and update their GIMP installations to mitigate the risk.

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.