CVE-2026-58379
Severity: High (CVSS 7.3)
Exploitation Probability (EPSS): Low risk, 14th percentile (higher than 14% of all known CVEs)
Summary
A heap buffer overflow was found in GIMP's Paint Shop Pro (PSP) file format parser. The parser computes the size of a pixel buffer incorrectly when the image has a low bit depth (fewer than 8 bits per pixel), so decoded pixel data can be written past the end of the allocation into adjacent heap memory. A remote attacker can exploit this to execute arbitrary code or cause a denial of service (DoS), but only by tricking a user into opening a specially crafted PSP file; no exploitation is possible without that user interaction.
Risk Assessment
The organization faces the risk of system compromise or service disruption if a user opens a malicious PSP image file. An attack could lead to data theft, malware installation, or operational downtime.
Recommendation
Update GIMP to a release that contains the security fix as soon as it is available from gimp.org or your distribution. Until the update is applied, do not open PSP files (typically .psp, .pspimage or .tub) from untrusted sources, and treat such files received by e-mail or downloaded from the web as untrusted.
Original NVD description (English source)
A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the software incorrectly calculates buffer sizes when processing low bit-depth images, leading to an overwrite of adjacent memory.
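The summary and the NVD description above both describe the same bug class: a buffer sized by a calculation that is only right for depths of 8 bits and above, while the decoder still writes one byte per pixel for 1-, 2- and 4-bit images. The following C code is an added illustration of that class and is not GIMP's code, not the vulnerable function and not the patched one; the names (naive_row_bytes, packed_row_bytes, unpack_row) and the sample row are constructed for this example. It shows the undersizing side by side with a size computation that rounds up to whole bytes, rejects overflow, and bounds-checks the destination before writing.

```c
/*
 * Added illustrative example of undersized row buffers for low bit-depth
 * images (hypothetical code, not GIMP's PSP parser).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buggy pattern: bytes per pixel derived by integer division.
 * For bpp = 1, 2 or 4 the division yields 0, so width * 0 = 0 bytes are
 * allocated while the decoder still emits one byte per pixel. */
static size_t naive_row_bytes(uint32_t width, uint32_t bpp)
{
    return (size_t)width * (bpp / 8);
}

/* Hardened: bytes needed for one packed row of `width` pixels at `bpp`
 * bits each, rounded up to whole bytes. Returns 0 for an invalid depth,
 * a zero width, or if width * bpp + 7 would overflow size_t. */
static size_t packed_row_bytes(uint32_t width, uint32_t bpp)
{
    if (bpp == 0 || bpp > 32 || width == 0)
        return 0;
    if ((size_t)width > (SIZE_MAX - 7) / bpp)
        return 0;
    return ((size_t)width * bpp + 7) / 8;
}

/* Expand one packed row (bpp in {1,2,4,8}, MSB-first packing) into one
 * byte per pixel. src must hold packed_row_bytes(width, bpp) bytes and
 * dst must have room for `width` bytes; both are checked before any
 * write. Returns the number of pixels written, or 0 if the inputs do
 * not fit. */
static size_t unpack_row(const uint8_t *src, size_t src_len,
                         uint8_t *dst, size_t dst_len,
                         uint32_t width, uint32_t bpp)
{
    size_t need = packed_row_bytes(width, bpp);
    if (need == 0 || src_len < need || dst_len < width)
        return 0;
    if (bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8)
        return 0;

    uint32_t mask = (1u << bpp) - 1;
    for (uint32_t x = 0; x < width; x++) {
        size_t bit = (size_t)x * bpp;
        unsigned shift = 8 - bpp - (unsigned)(bit % 8);
        dst[x] = (uint8_t)((src[bit / 8] >> shift) & mask);
    }
    return width;
}

int main(void)
{
    /* Constructed sample: a 10-pixel, 1-bit row packed into two bytes. */
    const uint8_t row[2] = { 0xA5, 0xC0 };   /* 10100101 11000000 */
    const uint32_t width = 10, bpp = 1;

    printf("naive size : %zu bytes (undersized)\n", naive_row_bytes(width, bpp));
    printf("packed size: %zu bytes\n", packed_row_bytes(width, bpp));

    /* The expanded row needs `width` bytes, not the packed size. */
    uint8_t *pixels = malloc(width);
    if (pixels == NULL)
        return 1;
    size_t n = unpack_row(row, sizeof row, pixels, width, width, bpp);
    printf("decoded %zu pixels:", n);
    for (size_t i = 0; i < n; i++)
        printf(" %u", pixels[i]);
    printf("\n");
    free(pixels);
    return 0;
}
```

The important point for review is the pair of checks in unpack_row: the destination size is validated against the pixel count, not against the packed byte count, and the packed size is computed by rounding up rather than by dividing the depth. Either shortcut alone reproduces the undersized-buffer pattern the advisory describes.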