CVE Catalog

CVE-2026-58381

Medium · CVSS 6.1

Exploitation Probability (EPSS)

Low risk
0.12%

2nd percentile (higher than 2% of all known CVEs)

Summary

A double-free vulnerability was found in GIMP's PSP file format parser in the read_layer_block() function. Processing a specially crafted PSP file can cause memory corruption.

Risk Assessment

An attacker could exploit this flaw to cause denial of service or potentially achieve arbitrary code execution in the context of the user running GIMP.

Recommendation

Update GIMP immediately to the latest version containing the fix for CVE-2026-58381, and avoid opening PSP files from untrusted sources.

Original NVD description (English source)

A flaw was found in GIMP's PSP file format parser. A double-free condition occurs in the read_layer_block() function when processing a specially crafted PSP file. This could allow an attacker to cause memory corruption, potentially leading to denial of service or arbitrary code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS