Off-by-One Memory Corruption Vulnerability in GIMP's PNM File Parser
CVE-2026-58380

7.3HIGH

What is CVE-2026-58380?

A flaw exists in the PNM file format parser of GIMP that allows a specially crafted PNM file to exploit the pnmscanner_gettoken() function. Due to an off-by-one error in the loop boundary check, this vulnerability can lead to a null terminator being written past the end of a stack-allocated buffer. The resulting memory corruption opens the door for potential denial of service or execution of arbitrary code, posing significant risks to users of affected versions.

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank bb1abu for reporting this issue.
.