Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3123 articles · 171736 vulns · 36/41 feeds (7d)
← Back to list
7.3
CVE-2026-58379EXPLOITED
red hat · red hat enterprise linux

Gimp: gimp: heap buffer overflow in read_channel_data()

Description

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.

Affected Products

VendorProductVersions
red hatred hat enterprise linux—

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
open sourceopen source gimpcert_advisory90%

References

  • https://access.redhat.com/security/cve/CVE-2026-58379(vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2495997(issue-tracking, x_refsource_REDHAT)
  • https://gitlab.gnome.org/GNOME/gimp/-/commit/b630f167
  • https://gitlab.gnome.org/GNOME/gimp/-/issues/16205

Related News (2 articles)

Tier B
BSI Advisories3h ago
[NEU] [mittel] GIMP: Schwachstelle ermöglicht Codeausführung und Denial of Service
→ No new info (linked only)
Tier C
VulDB2d ago
CVE-2026-58379 | GIMP PSP Image heap-based overflow
→ No new info (linked only)
CVSS 3.17.3 NONE
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-122
PublishedJul 3, 2026
Last enriched2d ago
Tags
remote code executionfile manipulationdenial of servicemultiple vulnerabilities
Trending Score51
Source articles2
Independent2
Info Completeness0/14
Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

MEDIUMCVE-2026-14613EXP
Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission
Trending: 54
MEDIUMCVE-2026-14614EXP
Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource
Trending: 54
HIGHCVE-2026-9165EXP
Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service
Trending: 47
MEDIUMCVE-2026-14615
Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter
Trending: 34
HIGHCVE-2026-55628EXP
ImageMagick: Policy Bypass in concatenate operation due to missing checks
Trending: 32

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 3, 2026
Discovered by ZDM
Jul 3, 2026
Actively Exploited
Jul 6, 2026
Exploit Available
Jul 6, 2026