Heap Memory Corruption in GIMP's PSD Parser Affecting Multiple Versions
CVE-2026-58384
7.3HIGH
What is CVE-2026-58384?
A critical flaw exists in GIMP's PSD parser due to an integer overflow in the read_RLE_channel() function. This flaw can result in an inadequate allocation of heap space for the RLE row-length table. Following this, subsequent writes to each row can corrupt the heap memory, potentially leading to memory corruption issues. Exploiting this vulnerability may allow attackers to trigger denial of service incidents or execute arbitrary code within the affected system.
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank bb1abu for reporting this issue.