CVE Catalog

CVE-2026-58379

Severity: High · CVSS 7.3
Source: NVD (NIST) record, translated

Exploitation Probability (EPSS)

Low risk: 0.23%
14th percentile (higher than 14% of all known CVEs)

Summary

A heap buffer overflow was found in GIMP's Paint Shop Pro (PSP) file format parser. The parser miscalculates the buffer size for low bit-depth images, so the buffer it allocates is smaller than the pixel data the decoder writes into it, and adjacent heap memory is overwritten. An attacker who can get a user to open a specially crafted PSP file can crash GIMP (denial of service) or potentially execute arbitrary code with the user's privileges. The attack requires user interaction (opening the file) and no network exposure of GIMP: the attacker only needs to deliver the file, for example as an e-mail attachment or a download.
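To make the bug class concrete, the following is an added illustration written for this page; it is not GIMP's PSP code and the header fields, function names and sample bytes are invented. It shows the classic way a size calculation goes wrong for 1- and 4-bit images (bytes-per-pixel derived by integer division truncates to zero, so the allocation is far too small for the expanded pixel data) next to a hardened version that sizes the buffer from the expanded pixel count, checks the multiplication for overflow, and bounds-checks the packed input before unpacking it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy reproduction of the bug class (NOT GIMP's code): bytes-per-pixel is
 * computed as bit_depth / 8, which is 0 for 1-bit and 4-bit images. The
 * resulting allocation is 0 bytes, yet the decoder still writes one byte per
 * pixel, overwriting whatever follows the buffer on the heap. */
size_t vuln_pixel_buffer_size(uint32_t width, uint32_t height, uint16_t bit_depth)
{
    return (size_t)width * height * (bit_depth / 8);
}

/* Hardened: the decoder expands every pixel to one byte, so the buffer must
 * hold width*height bytes regardless of bit depth. Rejects unsupported depths,
 * zero dimensions and products that would overflow size_t. Returns 0 on error. */
size_t safe_pixel_buffer_size(uint32_t width, uint32_t height, uint16_t bit_depth)
{
    if (width == 0 || height == 0) return 0;
    if (bit_depth != 1 && bit_depth != 4 && bit_depth != 8) return 0;
    if ((size_t)width > SIZE_MAX / height) return 0;
    return (size_t)width * height;
}

/* Bytes occupied by one packed row in the file: ceil(width * bit_depth / 8).
 * width is 32-bit and bit_depth <= 8, so the product fits in 64 bits. */
size_t packed_row_stride(uint32_t width, uint16_t bit_depth)
{
    uint64_t bits = (uint64_t)width * bit_depth;
    return (size_t)((bits + 7) / 8);
}

/* Unpack packed low-depth rows into out[], one byte per pixel (MSB first).
 * Both the input and output sizes are validated against the computed sizes
 * before any byte is touched. Returns the number of pixels written, or -1. */
long unpack_rows(uint32_t width, uint32_t height, uint16_t bit_depth,
                 const uint8_t *in, size_t in_len, uint8_t *out, size_t out_len)
{
    size_t need_out = safe_pixel_buffer_size(width, height, bit_depth);
    size_t stride   = packed_row_stride(width, bit_depth);
    if (need_out == 0 || out_len < need_out) return -1;
    if (stride > SIZE_MAX / height || in_len < stride * height) return -1;

    unsigned mask = (1u << bit_depth) - 1;
    for (uint32_t y = 0; y < height; y++) {
        const uint8_t *row = in + (size_t)y * stride;
        for (uint32_t x = 0; x < width; x++) {
            size_t   bit   = (size_t)x * bit_depth;
            unsigned shift = 8 - bit_depth - (unsigned)(bit % 8);
            out[(size_t)y * width + x] = (uint8_t)((row[bit / 8] >> shift) & mask);
        }
    }
    return (long)need_out;
}

/* Constructed sample inputs (not taken from any real PSP file). */
static const uint8_t SAMPLE_1BIT_ROW[1] = { 0xA5 };        /* 8x1, 1-bit: 1,0,1,0,0,1,0,1 */
static const uint8_t SAMPLE_4BIT_ROW[2] = { 0x3C, 0x70 };  /* 3x1, 4-bit: 3,12,7        */

/* Returns 1 if the 8x1 1-bit sample unpacks to the expected pixels. */
int check_1bit_sample(void)
{
    uint8_t out[8];
    static const uint8_t expect[8] = { 1, 0, 1, 0, 0, 1, 0, 1 };
    long n = unpack_rows(8, 1, 1, SAMPLE_1BIT_ROW, sizeof SAMPLE_1BIT_ROW, out, sizeof out);
    return n == 8 && memcmp(out, expect, sizeof expect) == 0;
}

/* Returns 1 if the 3x1 4-bit sample unpacks to the expected pixels. */
int check_4bit_sample(void)
{
    uint8_t out[3];
    static const uint8_t expect[3] = { 3, 12, 7 };
    long n = unpack_rows(3, 1, 4, SAMPLE_4BIT_ROW, sizeof SAMPLE_4BIT_ROW, out, sizeof out);
    return n == 3 && memcmp(out, expect, sizeof expect) == 0;
}

int main(void)
{
    /* A 16x2 1-bit image: the vulnerable formula allocates 0 bytes, the
     * decoder needs 32. */
    printf("vulnerable size: %zu, safe size: %zu\n",
           vuln_pixel_buffer_size(16, 2, 1), safe_pixel_buffer_size(16, 2, 1));
    printf("1-bit sample ok: %d, 4-bit sample ok: %d\n",
           check_1bit_sample(), check_4bit_sample());
    return 0;
}
```

The point of the hardened path is that the allocation size and the write loop are derived from the same validated quantities, so a header claiming an unusual bit depth or an oversized image is rejected before anything is written rather than silently producing a buffer that is too small.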

Risk Assessment

The organization is exposed wherever a user or an automated workflow opens a PSP image with a vulnerable GIMP: interactive use, scripted or batch conversions, and any service that passes uploaded images through GIMP all reach the same parser. A successful attack runs code with the privileges of the GIMP process, which can lead to data theft, malware installation, or operational downtime from repeated crashes.

Recommendation

Update GIMP to the latest version containing the security fix as soon as possible, and confirm the installed version after updating. Until the update is applied, do not open PSP files from untrusted sources, and consider blocking the .psp extension at mail and web gateways if your users do not need the format. Check any unattended pipelines that invoke GIMP on user-supplied images, since they cannot rely on a user's judgement about the file's origin.

Original NVD description (English source)

A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS