Off-by-One Memory Corruption Vulnerability in GIMP's PNM File Parser
CVE-2026-58380
7.3HIGH
What is CVE-2026-58380?
A flaw exists in the PNM file format parser of GIMP that allows a specially crafted PNM file to exploit the pnmscanner_gettoken() function. Due to an off-by-one error in the loop boundary check, this vulnerability can lead to a null terminator being written past the end of a stack-allocated buffer. The resulting memory corruption opens the door for potential denial of service or execution of arbitrary code, posing significant risks to users of affected versions.
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank bb1abu for reporting this issue.